This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: binutils pr 17531 for 2.25?
- From: Nicholas Clifton <nickc at redhat dot com>
- To: Matthias Klose <doko at ubuntu dot com>, Tristan Gingold <gingold at adacore dot com>
- Cc: "binutils at sourceware dot org" <binutils at sourceware dot org>
- Date: Wed, 25 Mar 2015 14:24:13 +0000
- Subject: Re: binutils pr 17531 for 2.25?
- Authentication-results: sourceware.org; auth=none
- References: <54B76668 dot 8060100 at ubuntu dot com>
Hi Matthias, Hi Tristan,
Right, I have checked in a big BFD patch which covers all of the
general, non-ELF specific security fixes. Only one more patch to go now.
Cheers
Nick
bfd/ChangeLog
2015-03-25 Nick Clifton <nickc@redhat.com>
Apply from master:
2015-02-26 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_read_section_32): Likewise.
(bfd_mach_o_read_section_64): Likewise.
2015-02-10 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* versados.c (process_otr): Check the esdid value before using it
to access the EDATA.
2015-02-03 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c: Use bfd_alloc2 to allocate space for structure arrays.
(bfd_mach_o_canonicalize_one_reloc): Fix check on out
of range symbol indices.
(bfd_mach_o_canonicalize_relocs): Check for out of range alloc.
(bfd_mach_o_canonicalize_dynamic_reloc): Likewise.
(bfd_mach_o_build_dysymtab): Likewise.
(bfd_mach_o_write_symtab_content): Set the string table size to
zero upon error.
(bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the
read fails.
* tekhex.c (first_phase): Check for src pointer reaching end of
buffer.
2015-01-27 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* pdp11.c (aout_get_external_symbols): Return false if there are
no symbols.
2015-01-22 DJ Delorie <dj@redhat.com>
* elf32-m32c.c (m32c_apply_reloc_24): New.
(m32c_elf_howto_table): Use it for R_M32C_24.
(m32c_elf_relocate_section): Handle R_M32C_24 specially.
2015-01-21 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always
initialise the fields of the dyld_info structure.
(bfd_mach_o_build_exec_seg_command): Replace assertion with an
error message and a return value.
(bfd_mach_o_layout_commands): Change the function to boolean.
Return FALSE if the function fails.
(bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands
fails.
(bfd_mach_o_read_command): Fail if an unrecognised command is
encountered.
* tekhex.c (first_phase): Fail if the section is too big.
* versados.c (struct esdid): Add content_size field.
(process_otr): Use and check the new field.
(versados_get_section_contents): Check that the section exists and
that the requested data is available.
2015-01-19 Alan Modra <amodra@gmail.com>
* bfd-in.h (bfd_get_section_limit_octets): New define, extracted from..
(bfd_get_section_limit): ..here.
* reloc.c (bfd_perform_relocation): Correct bfd_reloc_outofrange check.
(bfd_install_relocation, _bfd_final_link_relocate): Add same check here.
* bfd-in2.h: Regenerate.
* cpu-ns32k.c (_bfd_do_ns32k_reloc_contents): Return bfd_reloc_ok
on zero size relocs.
* ecoff.c (ecoff_reloc_link_order): Likewise.
* elf32-nds32.c (nds32_relocate_contents): Likewise.
* elfxx-aarch64.c (_bfd_aarch64_elf_put_addend): Likewise.
* reloc.c (_bfd_relocate_contents): Don't bomb on zero size relocs.
(_bfd_clear_contents): Likewise.
* elfxx-mips.c (mips_elf_obtain_contents): Likewise.
(mips_elf_perform_relocation): Likewise.
* aoutx.h (aout_link_reloc_link_order): Allow for NULL return
from malloc on zero size alloc.
* cofflink.c (_bfd_coff_reloc_link_order): Likewise.
* elflink.c (elf_reloc_link_order): Likewise.
* linker.c (_bfd_generic_reloc_link_order): Likewise.
* pdp11.c (aout_link_reloc_link_order): Likewise.
* xcofflink.c (xcoff_reloc_link_order): Likewise.
* aoutx.h (howto_table_ext): Ensure NONE relocs have size 3,
bitsize 0, and complain_overflow_dont.
* coff-sparc.c (coff_sparc_howto_table): Likewise.
* elf-hppa.h (elf_hppa_howto_table): Likewise.
* elf-m10200.c (elf_mn10200_howto_table): Likewise.
* elf-m10300.c (elf_mn10300_howto_table): Likewise.
* elf32-arc.c (elf_arc_howto_table): Likewise.
* elf32-arm.c (elf32_arm_howto_table_1): Likewise.
* elf32-avr.c (elf_avr_howto_table): Likewise.
* elf32-bfin.c (bfin_howto_table): Likewise.
* elf32-cr16.c (cr16_elf_howto_table): Likewise.
* elf32-cris.c (cris_elf_howto_table): Likewise.
* elf32-crx.c (crx_elf_howto_table): Likewise.
* elf32-d10v.c (elf_d10v_howto_table): Likewise.
* elf32-d30v.c (elf_d30v_howto_table): Likewise.
* elf32-dlx.c (dlx_elf_howto_table): Likewise.
* elf32-epiphany.c (epiphany_elf_howto_table): Likewise.
* elf32-fr30.c (fr30_elf_howto_table): Likewise.
* elf32-frv.c (elf32_frv_howto_table): Likewise.
* elf32-h8300.c (h8_elf_howto_table): Likewise.
* elf32-i370.c (i370_elf_howto_raw): Likewise.
* elf32-i386.c (elf_howto_table): Likewise.
* elf32-i860.c (elf32_i860_howto_table): Likewise.
* elf32-i960.c (elf32_i960_relocate): Likewise.
* elf32-ip2k.c (ip2k_elf_howto_table): Likewise.
* elf32-iq2000.c (iq2000_elf_howto_table): Likewise.
* elf32-lm32.c (lm32_elf_howto_table): Likewise.
* elf32-m32c.c (m32c_elf_howto_table): Likewise.
* elf32-m32r.c (m32r_elf_howto_table): Likewise.
* elf32-m68hc11.c (elf_m68hc11_howto_table): Likewise.
* elf32-m68hc12.c (elf_m68hc11_howto_table): Likewise.
* elf32-m68k.c (howto_table): Likewise.
* elf32-mcore.c (mcore_elf_howto_raw): Likewise.
* elf32-mep.c (mep_elf_howto_table): Likewise.
* elf32-metag.c (elf_metag_howto_table): Likewise.
* elf32-microblaze.c (microblaze_elf_howto_raw): Likewise.
* elf32-mips.c (elf_mips_howto_table_rel): Likewise.
* elf32-moxie.c (moxie_elf_howto_table): Likewise.
* elf32-msp430.c (elf_msp430_howto_table): Likewise.
* elf32-mt.c (mt_elf_howto_table): Likewise.
* elf32-nds32.c (nds32_elf_howto_table): Likewise.
* elf32-nios2.c (elf_nios2_howto_table_rel): Likewise.
* elf32-or1k.c (or1k_elf_howto_table): Likewise.
* elf32-pj.c (pj_elf_howto_table): Likewise.
* elf32-ppc.c (ppc_elf_howto_raw): Likewise.
* elf32-rl78.c (rl78_elf_howto_table): Likewise.
* elf32-rx.c (rx_elf_howto_table): Likewise.
* elf32-s390.c (elf_howto_table): Likewise.
* elf32-score.c (elf32_score_howto_table): Likewise.
* elf32-score7.c (elf32_score_howto_table): Likewise.
* elf32-sh-relocs.h (R_SH_NONE): Likewise.
* elf32-spu.c (elf_howto_table): Likewise.
* elf32-tic6x.c (elf32_tic6x_howto_table): Likewise.
* elf32-tilepro.c (tilepro_elf_howto_table): Likewise.
* elf32-v850.c (v850_elf_howto_table): Likewise.
* elf32-vax.c (howto_table): Likewise.
* elf32-xc16x.c (xc16x_elf_howto_table): Likewise.
* elf32-xgate.c (elf_xgate_howto_table): Likewise.
* elf32-xstormy16.c (xstormy16_elf_howto_table): Likewise.
* elf32-xtensa.c (elf_howto_table): Likewise.
* elf64-alpha.c (elf64_alpha_howto_table): Likewise.
* elf64-mips.c (mips_elf64_howto_table_rel): Likewise.
* elf64-mmix.c (elf_mmix_howto_table): Likewise.
* elf64-ppc.c (ppc64_elf_howto_raw): Likewise.
* elf64-s390.c (elf_howto_table): Likewise.
* elf64-sh64.c (sh_elf64_howto_table): Likewise.
* elf64-x86-64.c (x86_64_elf_howto_table): Likewise.
* elfn32-mips.c (elf_mips_howto_table_rel): Likewise.
* elfnn-aarch64.c (elfNN_aarch64_howto_table): Likewise.
(elfNN_aarch64_howto_none): Likewise.
* elfxx-ia64.c (ia64_howto_table): Likewise.
* elfxx-sparc.c (_bfd_sparc_elf_howto_table): Likewise.
* elfxx-tilegx.c (tilegx_elf_howto_table): Likewise.
* nlm32-sparc.c (nlm32_sparc_howto_table): Likewise.
2015-01-06 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_read_symtab_strtab): Zero terminate the
string table.
* reloc.c (bfd_get_reloc_size): Handle a reloc size of -1.
(bfd_perform_relocation): Include the size of the reloc in the
test for an out of range relocation.
(bfd_generic_get_relocated_section_contents): Remove reloc range
test.
* tekhex.c (getvalue): Add an end pointer parameter. Use it to
avoid reading off the end of the buffer.
(getsym): Likewise.
(first_phase): Likewise.
(pass_over): Pass an end pointer to the invoked function.
2015-01-05 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive.c (do_slurp_bsd_armap): Make sure that the parsed sized
is at least big enough for the header to be read.
* mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
(bfd_mach_o_read_command): Prevent duplicate error messages about
unrecognized commands.
* syms.c (_bfd_stab_section_find_nearest_line): Add range checks
when indexing into the string table.
2014-12-22 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive.c (do_slurp_bsd_armap): Return if the parsed_size is
zero.
(bfd_slurp_armap): Zero terminate the name.
(bfd_generic_stat_arch_elt): If there is no header, fail.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have
been provided then set the reloc's symbol to undefined.
* reloc.c (bfd_generic_get_relocated_section_contents): Add range
checking of the reloc to be applied.
* versados.c (process_otr): Add more range checks.
(versados_canonicalize_reloc): If the section is unknown, set the
symbol to undefined.
* vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks.
(alpha_vms_object_p): Likewise.
2014-12-16 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* format.c (bfd_check_format_matches): Check for a matching vector
before using match priorities.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one
errors with previous delta.
2014-12-09 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive64.c (bfd_elf64_archive_slurp_armap): Add range checks.
* libbfd.c (safe_read_leb128): New function.
* libbfd-in.h (safe_read_leb128): Add prototype.
* libbfd.h: Regenerate.
2014-12-03 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* compress.c (bfd_get_full_section_contents): Fail if there are no
section contents available when the compress_status is
COMPRESS_SECTION_DONE.
* libbfd.c (bfd_malloc): Refuse to allocate a negative size.
(bfd_malloc2): Use bfd_malloc.
(bfd_realloc): Refuse to reallocate a negative size.
(bfd_realloc2): Use bfd_realloc.
(bfd_realloc_or_free): Use bfd_realloc.
(bfd_zmalloc): Use bfd_malloc.
(bfd_zmalloc): Use bfd_malloc2.
* opncls.c (bfd_alloc): Refuse to allocate a negative size.
2014-12-01 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* archive.c (do_slurp_coff_armap): Add range checks to prevent
running off the end of the string table.
* compress.c (bfd_get_full_section_contents): Return a NULL
pointer for zero sized sections. Do not attempt to copy a buffer
onto itself.
* reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
parameter is NULL.
2014-11-26 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
(bfd_mach_o_mangle_sections): Move test for too many sections to
before the allocation of the section table.
(bfd_mach_o_read_symtab_strtab): If the read fails, free the
memory and nullify the symbol pointer.
* reloc.c (bfd_generic_get_relocated_section_contents): Add
handling of a bfd_reloc_notsupported return value.
* versados.c (EDATA): Add range checking.
(get_record): Likewise.
(process_otr): Check for contents being available before updating
them.
(versados_canonicalize_reloc): Add range check.
2014-11-21 Nick Clifton <nickc@redhat.com>
PR binutils/17512
* ieee.c (next_byte): Convert to a function. Return FALSE if the
next byte is beyond the end of the buffer.
(parse_int): Test the return value of next_byte.
(parse_expression): Convert to boolean. Return FALSE if the
parsing failed. Test the return value of next_byte.
(ieee_seek): Convert to a function. Return FALSE if the seek goes
beyond the end of the buffer.
(ieee_slurp_external_symbols): Test the return value of ieee_seek
and next_byte.
(ieee_slurp_sections): Convert to boolean. Return FALSE if the
operation failed. Test the return value of ieee_seek and
next_byte.
(ieee_archive_p): Test the return value of ieee_seek and
next_byte.
(do_one): Likewise.
(ieee_slurp_section_data): Likewise.
(ieee_object_p): Likewise. Store the size of the buffer in the
total_amt field in the header.
* libieee.h (common_header_type): Add amt field.
* mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
reloc's value is within range.
(bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
operation fails.
* versados.c (process_otr): Check that the section exists before
taking its size.
(versados_object_p): Make sure that enough data was read for the
header to be checked.
* vms-alpha.c (vms_get_remaining_object_record): Change
read_so_far parameter to an unsigned int. Check that the amount
read is in range.
diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index 906c975..9363c1a 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,3 +1,305 @@
+2015-03-25 Nick Clifton <nickc@redhat.com>
+
+ Apply from master:
+ 2015-02-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * mach-o.c (bfd_mach_o_read_section_32): Likewise.
+ (bfd_mach_o_read_section_64): Likewise.
+
+ 2015-02-10 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * versados.c (process_otr): Check the esdid value before using it
+ to access the EDATA.
+
+ 2015-02-03 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * mach-o.c: Use bfd_alloc2 to allocate space for structure arrays.
+ (bfd_mach_o_canonicalize_one_reloc): Fix check on out
+ of range symbol indicies.
+ (bfd_mach_o_canonicalize_relocs): Check for out of range alloc.
+ (bfd_mach_o_canonicalize_dynamic_reloc): Likewise.
+ (bfd_mach_o_build_dysymtab): Likewise.
+ (bfd_mach_o_write_symtab_content): Set the string table size to
+ zero upon error.
+ (bfd_mach_o_read_symtab_symbols): Reset the nsyms value if the
+ read fails.
+ * tekhex.c (first_phase): Check for src pointer reaching end of
+ buffer.
+
+ 2015-01-27 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * pdp11.c (aout_get_external_symbols): Return false if there are
+ no symbols.
+
+ 2015-01-22 DJ Delorie <dj@redhat.com>
+
+ * elf32-m32c.c (m32c_apply_reloc_24): New.
+ (m32c_elf_howto_table): Use it for R_M32C_24.
+ (m32c_elf_relocate_section): Handle R_M32C_24 specially.
+
+ 2015-01-21 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * mach-o.c (bfd_mach_o_bfd_copy_private_header_data): Always
+ initialise the fields of the dyld_info structure.
+ (bfd_mach_o_build_exec_seg_command): Replace assertion with an
+ error message and a return value.
+ (bfd_mach_o_layout_commands): Change the function to boolean.
+ Return FALSE if the function fails.
+ (bfd_mach_o_build_commands): Fail if bfd_mach_o_layout_commands
+ fails.
+ (bfd_mach_o_read_command): Fail if an unrecognised command is
+ encountered.
+ * tekhex.c (first_phase): Fail if the section is too big.
+ * versados.c (struct esdid): Add content_size field.
+ (process_otr): Use and check the new field.
+ (versados_get_section_contents): Check that the section exists and
+ that the requested data is available.
+
+ 2015-01-19 Alan Modra <amodra@gmail.com>
+
+ * bfd-in.h (bfd_get_section_limit_octets): New define, extracted from..
+ (bfd_get_section_limit): ..here.
+ * reloc.c (bfd_perform_relocation): Correct bfd_reloc_outofrange check.
+ (bfd_install_relocation, _bfd_final_link_relocate): Add same check here.
+ * bfd-in2.h: Regenerate.
+
+ * cpu-ns32k.c (_bfd_do_ns32k_reloc_contents): Return bfd_reloc_ok
+ on zero size relocs.
+ * ecoff.c (ecoff_reloc_link_order): Likewise.
+ * elf32-nds32.c (nds32_relocate_contents): Likewise.
+ * elfxx-aarch64.c (_bfd_aarch64_elf_put_addend): Likewise.
+
+ * reloc.c (_bfd_relocate_contents): Don't bomb on zero size relocs.
+ (_bfd_clear_contents): Likewise.
+ * elfxx-mips.c (mips_elf_obtain_contents): Likewise.
+ (mips_elf_perform_relocation): Likewise.
+
+ * aoutx.h (aout_link_reloc_link_order): Allow for NULL return
+ from malloc on zero size alloc.
+ * cofflink.c (_bfd_coff_reloc_link_order): Likewise.
+ * elflink.c (elf_reloc_link_order): Likewise.
+ * linker.c (_bfd_generic_reloc_link_order): Likewise.
+ * pdp11.c (aout_link_reloc_link_order): Likewise.
+ * xcofflink.c (xcoff_reloc_link_order): Likewise.
+
+ * aoutx.h (howto_table_ext): Ensure NONE relocs have size 3,
+ bitsize 0, and complain_overflow_dont.
+ * coff-sparc.c (coff_sparc_howto_table): Likewise.
+ * elf-hppa.h (elf_hppa_howto_table): Likewise.
+ * elf-m10200.c (elf_mn10200_howto_table): Likewise.
+ * elf-m10300.c (elf_mn10300_howto_table): Likewise.
+ * elf32-arc.c (elf_arc_howto_table): Likewise.
+ * elf32-arm.c (elf32_arm_howto_table_1): Likewise.
+ * elf32-avr.c (elf_avr_howto_table): Likewise.
+ * elf32-bfin.c (bfin_howto_table): Likewise.
+ * elf32-cr16.c (cr16_elf_howto_table): Likewise.
+ * elf32-cris.c (cris_elf_howto_table): Likewise.
+ * elf32-crx.c (crx_elf_howto_table): Likewise.
+ * elf32-d10v.c (elf_d10v_howto_table): Likewise.
+ * elf32-d30v.c (elf_d30v_howto_table): Likewise.
+ * elf32-dlx.c (dlx_elf_howto_table): Likewise.
+ * elf32-epiphany.c (epiphany_elf_howto_table): Likewise.
+ * elf32-fr30.c (fr30_elf_howto_table): Likewise.
+ * elf32-frv.c (elf32_frv_howto_table): Likewise.
+ * elf32-h8300.c (h8_elf_howto_table): Likewise.
+ * elf32-i370.c (i370_elf_howto_raw): Likewise.
+ * elf32-i386.c (elf_howto_table): Likewise.
+ * elf32-i860.c (elf32_i860_howto_table): Likewise.
+ * elf32-i960.c (elf32_i960_relocate): Likewise.
+ * elf32-ip2k.c (ip2k_elf_howto_table): Likewise.
+ * elf32-iq2000.c (iq2000_elf_howto_table): Likewise.
+ * elf32-lm32.c (lm32_elf_howto_table): Likewise.
+ * elf32-m32c.c (m32c_elf_howto_table): Likewise.
+ * elf32-m32r.c (m32r_elf_howto_table): Likewise.
+ * elf32-m68hc11.c (elf_m68hc11_howto_table): Likewise.
+ * elf32-m68hc12.c (elf_m68hc11_howto_table): Likewise.
+ * elf32-m68k.c (howto_table): Likewise.
+ * elf32-mcore.c (mcore_elf_howto_raw): Likewise.
+ * elf32-mep.c (mep_elf_howto_table): Likewise.
+ * elf32-metag.c (elf_metag_howto_table): Likewise.
+ * elf32-microblaze.c (microblaze_elf_howto_raw): Likewise.
+ * elf32-mips.c (elf_mips_howto_table_rel): Likewise.
+ * elf32-moxie.c (moxie_elf_howto_table): Likewise.
+ * elf32-msp430.c (elf_msp430_howto_table): Likewise.
+ * elf32-mt.c (mt_elf_howto_table): Likewise.
+ * elf32-nds32.c (nds32_elf_howto_table): Likewise.
+ * elf32-nios2.c (elf_nios2_howto_table_rel): Likewise.
+ * elf32-or1k.c (or1k_elf_howto_table): Likewise.
+ * elf32-pj.c (pj_elf_howto_table): Likewise.
+ * elf32-ppc.c (ppc_elf_howto_raw): Likewise.
+ * elf32-rl78.c (rl78_elf_howto_table): Likewise.
+ * elf32-rx.c (rx_elf_howto_table): Likewise.
+ * elf32-s390.c (elf_howto_table): Likewise.
+ * elf32-score.c (elf32_score_howto_table): Likewise.
+ * elf32-score7.c (elf32_score_howto_table): Likewise.
+ * elf32-sh-relocs.h (R_SH_NONE): Likewise.
+ * elf32-spu.c (elf_howto_table): Likewise.
+ * elf32-tic6x.c (elf32_tic6x_howto_table): Likewise.
+ * elf32-tilepro.c (tilepro_elf_howto_table): Likewise.
+ * elf32-v850.c (v850_elf_howto_table): Likewise.
+ * elf32-vax.c (howto_table): Likewise.
+ * elf32-xc16x.c (xc16x_elf_howto_table): Likewise.
+ * elf32-xgate.c (elf_xgate_howto_table): Likewise.
+ * elf32-xstormy16.c (xstormy16_elf_howto_table): Likewise.
+ * elf32-xtensa.c (elf_howto_table): Likewise.
+ * elf64-alpha.c (elf64_alpha_howto_table): Likewise.
+ * elf64-mips.c (mips_elf64_howto_table_rel): Likewise.
+ * elf64-mmix.c (elf_mmix_howto_table): Likewise.
+ * elf64-ppc.c (ppc64_elf_howto_raw): Likewise.
+ * elf64-s390.c (elf_howto_table): Likewise.
+ * elf64-sh64.c (sh_elf64_howto_table): Likewise.
+ * elf64-x86-64.c (x86_64_elf_howto_table): Likewise.
+ * elfn32-mips.c (elf_mips_howto_table_rel): Likewise.
+ * elfnn-aarch64.c (elfNN_aarch64_howto_table): Likewise.
+ (elfNN_aarch64_howto_none): Likewise.
+ * elfxx-ia64.c (ia64_howto_table): Likewise.
+ * elfxx-sparc.c (_bfd_sparc_elf_howto_table): Likewise.
+ * elfxx-tilegx.c (tilegx_elf_howto_table): Likewise.
+ * nlm32-sparc.c (nlm32_sparc_howto_table): Likewise.
+
+ 2015-01-06 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * mach-o.c (bfd_mach_o_read_symtab_strtab): Zero terminate the
+ string table.
+
+ * reloc.c (bfd_get_reloc_size): Handle a reloc size of -1.
+ (bfd_perform_relocation): Include the size of the reloc in the
+ test for an out of range relocation.
+ (bfd_generic_get_relocated_section_contents): Remove reloc range
+ test.
+
+ * tekhex.c (getvalue): Add an end pointer parameter. Use it to
+ avoid reading off the end of the buffer.
+ (getsym): Likewise.
+ (first_phase): Likewise.
+ (pass_over): Pass an end pointer to the invoked function.
+
+ 2015-01-05 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * archive.c (do_slurp_bsd_armap): Make sure that the parsed sized
+ is at least big enough for the header to be read.
+ * mach-o.c (bfd_mach_o_get_synthetic_symtab): Add range checks.
+ (bfd_mach_o_read_command): Prevetn duplicate error messages about
+ unrecognized commands.
+ * syms.c (_bfd_stab_section_find_nearest_line): Add range checks
+ when indexing into the string table.
+
+ 2014-12-22 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * archive.c (do_slurp_bsd_armap): Return if the parsed_size is
+ zero.
+ (bfd_slurp_armap): Zero terminate the name.
+ (bfd_generic_stat_arch_elt): If there is no header, fail.
+ * mach-o.c (bfd_mach_o_canonicalize_one_reloc): If no symbols have
+ been provided then set the reloc's symbol to undefined.
+ * reloc.c (bfd_generic_get_relocated_section_contents): Add range
+ checking of the reloc to be applied.
+ * versados.c (process_otr): Add more range checks.
+ (versados_canonicalize_reloc): If the section is unknown, set the
+ symbol to undefined.
+ * vms-alpha.c (_bfd_vms_slurp_eisd): Add range checks.
+ (alpha_vms_object_p): Likewise.
+
+ 2014-12-16 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * format.c (bfd_check_format_matches): Check for a matching vector
+ before using match priorities.
+ * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Fix off-by-one
+ errors with previous delta.
+
+ 2014-12-09 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * archive64.c (bfd_elf64_archive_slurp_armap): Add range checks.
+ * libbfd.c (safe_read_leb128): New function.
+ * libbfd-in.h (safe_read_leb128): Add prototype.
+ * libbfd.h: Regenerate.
+
+ 2014-12-03 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * compress.c (bfd_get_full_section_contents): Fail if there are no
+ section contents available when the compress_status is
+ COMPRESS_SECTION_DONE.
+ * libbfd.c (bfd_malloc): Refuse to allocate a negative size.
+ (bfd_malloc2): Use bfd_malloc.
+ (bfd_realloc): Refuse to reallocate a negative size.
+ (bfd_realloc2): Use bfd_realloc.
+ (bfd_realloc_or_free): Use bfd_realloc.
+ (bfd_zmalloc): Use bfd_malloc.
+ (bfd_zmalloc): Use bfd_malloc2.
+ * opncls.c (bfd_alloc): Refuse to allocate a negative size.
+
+ 2014-12-01 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * archive.c (do_slurp_coff_armap): Add range checks to prevent
+ running off the end of the string table.
+ * compress.c (bfd_get_full_section_contents): Return a NULL
+ pointer for zero sized sections. Do not attempt to copy a buffer
+ onto itself.
+ * reloc.c (bfd_perform_relocation): Avoid seg-fault if the howto
+ parameter is NULL.
+
+ 2014-11-26 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Likewise.
+ (bfd_mach_o_mangle_sections): Move test for too many sections to
+ before the allocation of the section table.
+ (bfd_mach_o_read_symtab_strtab): If the read fails, free the
+ memory and nullify the symbol pointer.
+ * reloc.c (bfd_generic_get_relocated_section_contents): Add
+ handling of a bfd_reloc_notsupported return value.
+ * versados.c (EDATA): Add range checking.
+ (get_record): Likewise.
+ (process_otr): Check for contents being available before updating
+ them.
+ (versados_canonicalize_reloc): Add range check.
+
+ 2014-11-21 Nick Clifton <nickc@redhat.com>
+
+ PR binutils/17512
+ * ieee.c (next_byte): Convert to a function. Return FALSE if the
+ next byte is beyond the end of the buffer.
+ (parse_int): Test the return value of next_byte.
+ (parse_expression): Convert to boolean. Return FALSE if the
+ parsing failed. Test the return value of next_byte.
+ (ieee_seek): Convert to a function. Return FALSE if the seek goes
+ beyond the end of the buffer.
+ (ieee_slurp_external_symbols): Test the return value of ieee_seek
+ and next_byte.
+ (ieee_slurp_sections): Convert to boolean. Return FALSE if the
+ operation failed. Test the return value of ieee_seek and
+ next_byte.
+ (ieee_archive_p): Test the return value of ieee_seek and
+ next_byte.
+ (do_one): Likewise.
+ (ieee_slurp_section_data): Likewise.
+ (ieee_object_p): Likewise. Store the size of the buffer in the
+ total_amt field in the header.
+ * libieee.h (common_header_type): Add amt field.
+ * mach-o.c (bfd_mach_o_canonicalize_one_reloc): Check that the
+ reloc's value is within range.
+ (bfd_mach_o_read_symtab_symbols): Nullify the symbols field if the
+ operation fails.
+ * versados.c (process_otr): Check that the section exists before
+ taking its size.
+ (versados_object_p): Make sure that enough data was read for the
+ header to be checked.
+ * vms-alpha.c (vms_get_remaining_object_record): Change
+ read_so_far parameter to an unsigned int. Check that the amount
+ read is in range.
+
2015-03-24 Nick Clifton <nickc@redhat.com>
Apply from master:
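Review bot: In the 2014-12-03 entry, "(bfd_zmalloc)" appears twice, once with "Use bfd_malloc." and once with "Use bfd_malloc2."; the second line presumably names a different function and should be corrected so the entry matches the libbfd.c change. The 2015-02-26 and 2014-11-26 mach-o.c entries also open with "Likewise." although nothing precedes them inside their own entry, so a reader of the branch ChangeLog cannot tell what was changed; spell the change out. Spelling: "indicies" and "Prevetn".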
diff --git a/bfd/aoutx.h b/bfd/aoutx.h
index 9385a98..764d163 100644
--- a/bfd/aoutx.h
+++ b/bfd/aoutx.h
@@ -203,8 +203,8 @@ reloc_howto_type howto_table_ext[] =
HOWTO (RELOC_GLOB_DAT,0, 2, 0, FALSE, 0, complain_overflow_bitfield, 0, "GLOB_DAT", FALSE, 0, 0x00000000, FALSE),
HOWTO (RELOC_JMP_SLOT,0, 2, 0, FALSE, 0, complain_overflow_bitfield, 0, "JMP_SLOT", FALSE, 0, 0x00000000, FALSE),
HOWTO (RELOC_RELATIVE,0, 2, 0, FALSE, 0, complain_overflow_bitfield, 0, "RELATIVE", FALSE, 0, 0x00000000, FALSE),
- HOWTO (0, 0, 0, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE),
- HOWTO (0, 0, 0, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE),
+ HOWTO (0, 0, 3, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE),
+ HOWTO (0, 0, 3, 0, FALSE, 0, complain_overflow_dont, 0, "R_SPARC_NONE",FALSE, 0, 0x00000000, TRUE),
#define RELOC_SPARC_REV32 RELOC_WDISP19
HOWTO (RELOC_SPARC_REV32, 0, 2, 32, FALSE, 0, complain_overflow_dont, 0,"R_SPARC_REV32",FALSE, 0, 0xffffffff, FALSE),
};
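Review bot: The two R_SPARC_NONE rows change the third HOWTO argument from 0 to 3 with no comment, and a bare 3 in a table whose neighbouring rows use 2 reads like a typo. The ChangeLog only says that NONE relocs must have size 3; a one-line comment above these rows saying that 3 marks a reloc with no field to patch would keep a later cleanup from reverting it.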
@@ -3816,7 +3816,7 @@ aout_link_reloc_link_order (struct aout_final_link_info *flaginfo,
size = bfd_get_reloc_size (howto);
buf = (bfd_byte *) bfd_zmalloc (size);
- if (buf == NULL)
+ if (buf == NULL && size != 0)
return FALSE;
r = MY_relocate_contents (howto, flaginfo->output_bfd,
(bfd_vma) pr->addend, buf);
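Review bot: With "if (buf == NULL && size != 0)", a NULL buf is now passed on to MY_relocate_contents when size is 0, so the change is only safe if that call, and whatever later writes or frees buf, never touches the pointer for a zero size reloc. Add a comment here stating that assumption, or skip the relocate and write steps entirely when size is 0.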
diff --git a/bfd/archive.c b/bfd/archive.c
index df37996..34a9830 100644
--- a/bfd/archive.c
+++ b/bfd/archive.c
@@ -311,8 +311,7 @@ _bfd_look_for_bfd_in_cache (bfd *arch_bfd, file_ptr filepos)
struct ar_cache *entry = (struct ar_cache *) htab_find (hash_table, &m);
if (!entry)
return NULL;
- else
- return entry->arbfd;
+ return entry->arbfd;
}
else
return NULL;
@@ -902,6 +901,10 @@ do_slurp_bsd_armap (bfd *abfd)
return FALSE;
parsed_size = mapdata->parsed_size;
free (mapdata);
+ /* PR 17512: file: 883ff754. */
+ /* PR 17512: file: 0458885f. */
+ if (parsed_size < 4)
+ return FALSE;
raw_armap = (bfd_byte *) bfd_zalloc (abfd, parsed_size);
if (raw_armap == NULL)
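Review bot: The new "if (parsed_size < 4) return FALSE;" fails without calling bfd_set_error, so the caller sees a failure with whatever error happened to be set earlier; the comparable check added to archive64.c in this same patch sets bfd_error_malformed_archive first. The literal 4 also needs a comment saying which part of the armap header those bytes cover, since the two "PR 17512: file:" lines give only reproducer ids.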
@@ -1038,12 +1041,19 @@ do_slurp_coff_armap (bfd *abfd)
}
/* OK, build the carsyms. */
- for (i = 0; i < nsymz; i++)
+ for (i = 0; i < nsymz && stringsize > 0; i++)
{
+ bfd_size_type len;
+
rawptr = raw_armap + i;
carsyms->file_offset = swap ((bfd_byte *) rawptr);
carsyms->name = stringbase;
- stringbase += strlen (stringbase) + 1;
+ /* PR 17512: file: 4a1d50c1. */
+ len = strnlen (stringbase, stringsize);
+ if (len < stringsize)
+ len ++;
+ stringbase += len;
+ stringsize -= len;
carsyms++;
}
*stringbase = 0;
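Review bot: The loop now stops as soon as stringsize reaches 0, but nothing in the hunk lowers the symbol count or reports an error, so a map whose string table holds fewer than nsymz names is accepted with the remaining carsyms entries left unfilled. Consider failing with a malformed archive error when the loop exits with i < nsymz. When the last name has no terminator of its own, carsyms->name also relies on the unchanged "*stringbase = 0;" after the loop landing inside the allocation, which deserves a comment.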
@@ -1131,6 +1141,7 @@ bfd_slurp_armap (bfd *abfd)
return FALSE;
if (bfd_seek (abfd, -(file_ptr) (sizeof (hdr) + 20), SEEK_CUR) != 0)
return FALSE;
+ extname[20] = 0;
if (CONST_STRNEQ (extname, "__.SYMDEF SORTED")
|| CONST_STRNEQ (extname, "__.SYMDEF"))
return do_slurp_bsd_armap (abfd);
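Review bot: "extname[20] = 0;" hard-codes the index and is only in bounds if extname is declared with at least 21 elements, which the hunk does not show. Tie the index to the array, for example "extname[sizeof (extname) - 1] = 0;", or to the same constant used in the "sizeof (hdr) + 20" seek just above it.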
@@ -1964,6 +1975,9 @@ bfd_generic_stat_arch_elt (bfd *abfd, struct stat *buf)
}
hdr = arch_hdr (abfd);
+ /* PR 17512: file: 3d9e9fe9. */
+ if (hdr == NULL)
+ return -1;
#define foo(arelt, stelt, size) \
buf->stelt = strtol (hdr->arelt, &aloser, size); \
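Review bot: The new "if (hdr == NULL) return -1;" returns without setting a BFD error, so callers cannot tell a missing archive header from any other stat failure. Call bfd_set_error before returning, and say in the comment why arch_hdr can yield NULL here rather than giving only the PR file id.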
diff --git a/bfd/archive64.c b/bfd/archive64.c
index 6b87ec5..9d29b90 100644
--- a/bfd/archive64.c
+++ b/bfd/archive64.c
@@ -46,6 +46,7 @@ bfd_elf64_archive_slurp_armap (bfd *abfd)
struct areltdata *mapdata;
bfd_byte int_buf[8];
char *stringbase;
+ char *stringend;
bfd_byte *raw_armap = NULL;
carsym *carsyms;
bfd_size_type amt;
@@ -92,11 +93,18 @@ bfd_elf64_archive_slurp_armap (bfd *abfd)
ptrsize = 8 * nsymz;
amt = carsym_size + stringsize + 1;
+ if (carsym_size < nsymz || ptrsize < nsymz || amt < nsymz)
+ {
+ bfd_set_error (bfd_error_malformed_archive);
+ return FALSE;
+ }
ardata->symdefs = (struct carsym *) bfd_zalloc (abfd, amt);
if (ardata->symdefs == NULL)
return FALSE;
carsyms = ardata->symdefs;
stringbase = ((char *) ardata->symdefs) + carsym_size;
+ stringbase[stringsize] = 0;
+ stringend = stringbase + stringsize;
raw_armap = (bfd_byte *) bfd_alloc (abfd, ptrsize);
if (raw_armap == NULL)
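Review bot: The wrap test "carsym_size < nsymz || ptrsize < nsymz || amt < nsymz" does not catch every overflow. "ptrsize = 8 * nsymz" can wrap and still come out larger than nsymz (with a 64-bit unsigned type, nsymz = 0x3000000000000000 gives 0x8000000000000000), and amt adds stringsize, which is not compared against anything. Check the multiplication by division, for example "ptrsize / 8 != nsymz", and check that amt is larger than both carsym_size and stringsize.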
@@ -114,7 +122,8 @@ bfd_elf64_archive_slurp_armap (bfd *abfd)
{
carsyms->file_offset = bfd_getb64 (raw_armap + i * 8);
carsyms->name = stringbase;
- stringbase += strlen (stringbase) + 1;
+ if (stringbase < stringend)
+ stringbase += strlen (stringbase) + 1;
++carsyms;
}
*stringbase = '\0';
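Review bot: "stringbase += strlen (stringbase) + 1" can still step past stringend. If the last name in the table has no terminator of its own, strlen stops at the byte written by "stringbase[stringsize] = 0" in the previous hunk and the "+ 1" leaves stringbase at stringend + 1, so the unchanged "*stringbase = '\0';" after the loop writes one byte beyond the amt bytes allocated. Advance by strlen and add the 1 only while stringbase is still below stringend, or bound the scan with strnlen as the archive.c change does.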
diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h
index 1f80a76..1607872 100644
--- a/bfd/bfd-in.h
+++ b/bfd/bfd-in.h
@@ -292,10 +292,13 @@ typedef struct bfd_section *sec_ptr;
#define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
+#define bfd_get_section_limit_octets(bfd, sec) \
+ ((bfd)->direction != write_direction && (sec)->rawsize != 0 \
+ ? (sec)->rawsize : (sec)->size)
+
/* Find the address one past the end of SEC. */
#define bfd_get_section_limit(bfd, sec) \
- (((bfd)->direction != write_direction && (sec)->rawsize != 0 \
- ? (sec)->rawsize : (sec)->size) / bfd_octets_per_byte (bfd))
+ (bfd_get_section_limit_octets(bfd, sec) / bfd_octets_per_byte (bfd))
/* Return TRUE if input section SEC has been discarded. */
#define discarded_section(sec) \
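Review bot: The new bfd_get_section_limit_octets macro has no comment, while bfd_get_section_limit directly below it keeps "Find the address one past the end of SEC."; add a line saying it yields the same limit in octets, before the division by bfd_octets_per_byte. The use "bfd_get_section_limit_octets(bfd, sec)" also lacks the space before the parenthesis that "bfd_octets_per_byte (bfd)" on the same line has.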
diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
index c7a2bb5..bca5181 100644
--- a/bfd/bfd-in2.h
+++ b/bfd/bfd-in2.h
@@ -299,10 +299,13 @@ typedef struct bfd_section *sec_ptr;
#define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0)
+#define bfd_get_section_limit_octets(bfd, sec) \
+ ((bfd)->direction != write_direction && (sec)->rawsize != 0 \
+ ? (sec)->rawsize : (sec)->size)
+
/* Find the address one past the end of SEC. */
#define bfd_get_section_limit(bfd, sec) \
- (((bfd)->direction != write_direction && (sec)->rawsize != 0 \
- ? (sec)->rawsize : (sec)->size) / bfd_octets_per_byte (bfd))
+ (bfd_get_section_limit_octets(bfd, sec) / bfd_octets_per_byte (bfd))
/* Return TRUE if input section SEC has been discarded. */
#define discarded_section(sec) \
diff --git a/bfd/coff-sparc.c b/bfd/coff-sparc.c
index 031dcd0..21d9933 100644
--- a/bfd/coff-sparc.c
+++ b/bfd/coff-sparc.c
@@ -74,7 +74,7 @@ bfd_coff_generic_reloc (bfd *abfd ATTRIBUTE_UNUSED,
static reloc_howto_type coff_sparc_howto_table[] =
{
- HOWTO(R_SPARC_NONE, 0,0, 0,FALSE,0,complain_overflow_dont, bfd_coff_generic_reloc,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE),
+ HOWTO(R_SPARC_NONE, 0,3, 0,FALSE,0,complain_overflow_dont, bfd_coff_generic_reloc,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE),
HOWTO(R_SPARC_8, 0,0, 8,FALSE,0,complain_overflow_bitfield,bfd_coff_generic_reloc,"R_SPARC_8", FALSE,0,0x000000ff,TRUE),
HOWTO(R_SPARC_16, 0,1,16,FALSE,0,complain_overflow_bitfield,bfd_coff_generic_reloc,"R_SPARC_16", FALSE,0,0x0000ffff,TRUE),
HOWTO(R_SPARC_32, 0,2,32,FALSE,0,complain_overflow_bitfield,bfd_coff_generic_reloc,"R_SPARC_32", FALSE,0,0xffffffff,TRUE),
diff --git a/bfd/compress.c b/bfd/compress.c
index 20eef95..6a87258 100644
--- a/bfd/compress.c
+++ b/bfd/compress.c
@@ -239,6 +239,8 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
#endif
case COMPRESS_SECTION_DONE:
+ if (sec->contents == NULL)
+ return FALSE;
if (p == NULL)
{
p = (bfd_byte *) bfd_malloc (sz);
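Review bot: the new "if (sec->contents == NULL) return FALSE;" in the COMPRESS_SECTION_DONE case fails without any bfd_set_error call visible in this hunk, so a caller that reports bfd_get_error () after a FALSE return may print a stale or unrelated error. Consider setting an error code before returning, and adding a short comment saying under what input a section can reach this case with no contents.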
@@ -246,7 +248,9 @@ bfd_get_full_section_contents (bfd *abfd, sec_ptr sec, bfd_byte **ptr)
return FALSE;
*ptr = p;
}
- memcpy (p, sec->contents, sz);
+ /* PR 17512; file: 5bc29788. */
+ if (p != sec->contents)
+ memcpy (p, sec->contents, sz);
return TRUE;
default:
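Review bot: the comment above the new "if (p != sec->contents)" guard only names the PR and the reproducer file, so the reason for the guard is lost to anyone without access to that file. Please say in the comment that the caller-supplied buffer can be the section's own contents and that memcpy must not be called with identical source and destination.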
diff --git a/bfd/cpu-ns32k.c b/bfd/cpu-ns32k.c
index 55ee030..cee72b3 100644
--- a/bfd/cpu-ns32k.c
+++ b/bfd/cpu-ns32k.c
@@ -585,8 +585,9 @@ _bfd_do_ns32k_reloc_contents (reloc_howto_type *howto,
switch (size)
{
default:
- case 0:
abort ();
+ case 0:
+ return bfd_reloc_ok;
case 1:
case 2:
case 4:
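Review bot: in _bfd_do_ns32k_reloc_contents the new "case 0: return bfd_reloc_ok;" has no comment saying which howto entries produce a size of 0, and the default label above it still calls abort (), so any other unexpected size still terminates the process instead of returning an error status. Suggest a one-line comment on case 0 and, if the size can be influenced by the input file, returning a bfd_reloc_status_type error from default rather than aborting.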
diff --git a/bfd/elf-hppa.h b/bfd/elf-hppa.h
index 5ee7de8..705bdac 100644
--- a/bfd/elf-hppa.h
+++ b/bfd/elf-hppa.h
@@ -47,7 +47,7 @@
static reloc_howto_type elf_hppa_howto_table[ELF_HOWTO_TABLE_SIZE] =
{
- { R_PARISC_NONE, 0, 0, 0, FALSE, 0, complain_overflow_bitfield,
+ { R_PARISC_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont,
bfd_elf_generic_reloc, "R_PARISC_NONE", FALSE, 0, 0, FALSE },
/* The values in DIR32 are to placate the check in
diff --git a/bfd/elf-m10200.c b/bfd/elf-m10200.c
index 86872b7..cbeda2f 100644
--- a/bfd/elf-m10200.c
+++ b/bfd/elf-m10200.c
@@ -46,11 +46,11 @@ static reloc_howto_type elf_mn10200_howto_table[] =
/* Dummy relocation. Does nothing. */
HOWTO (R_MN10200_NONE,
0,
- 2,
- 16,
+ 3,
+ 0,
FALSE,
0,
- complain_overflow_bitfield,
+ complain_overflow_dont,
bfd_elf_generic_reloc,
"R_MN10200_NONE",
FALSE,
diff --git a/bfd/elf-m10300.c b/bfd/elf-m10300.c
index 1dbb2f9..0b13c1a 100644
--- a/bfd/elf-m10300.c
+++ b/bfd/elf-m10300.c
@@ -142,11 +142,11 @@ static reloc_howto_type elf_mn10300_howto_table[] =
/* Dummy relocation. Does nothing. */
HOWTO (R_MN10300_NONE,
0,
- 2,
- 16,
+ 3,
+ 0,
FALSE,
0,
- complain_overflow_bitfield,
+ complain_overflow_dont,
bfd_elf_generic_reloc,
"R_MN10300_NONE",
FALSE,
diff --git a/bfd/elf32-arc.c b/bfd/elf32-arc.c
index e528e66..d193965 100644
--- a/bfd/elf32-arc.c
+++ b/bfd/elf32-arc.c
@@ -58,11 +58,11 @@ static reloc_howto_type elf_arc_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_ARC_NONE, /* Type. */
0, /* Rightshift. */
- 2, /* Size (0 = byte, 1 = short, 2 = long). */
- 32, /* Bitsize. */
+ 3, /* Size (0 = byte, 1 = short, 2 = long). */
+ 0, /* Bitsize. */
FALSE, /* PC_relative. */
0, /* Bitpos. */
- complain_overflow_bitfield, /* Complain_on_overflow. */
+ complain_overflow_dont, /* Complain_on_overflow. */
bfd_elf_generic_reloc, /* Special_function. */
"R_ARC_NONE", /* Name. */
TRUE, /* Partial_inplace. */
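Review bot: the size field of R_ARC_NONE is now 3, but the trailing comment on that line still reads "Size (0 = byte, 1 = short, 2 = long)", so the legend does not cover the value actually used. Please extend the legend to say what 3 means, here and in the other howto tables in this patch that carry the same comment.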
diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
index 782cc87..7690251 100644
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -79,7 +79,7 @@ static reloc_howto_type elf32_arm_howto_table_1[] =
/* No relocation. */
HOWTO (R_ARM_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-avr.c b/bfd/elf32-avr.c
index 54d67bf..dad04e2 100644
--- a/bfd/elf32-avr.c
+++ b/bfd/elf32-avr.c
@@ -121,11 +121,11 @@ static reloc_howto_type elf_avr_howto_table[] =
{
HOWTO (R_AVR_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_AVR_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-bfin.c b/bfd/elf32-bfin.c
index 692875b..db2a5ba 100644
--- a/bfd/elf32-bfin.c
+++ b/bfd/elf32-bfin.c
@@ -423,11 +423,11 @@ static reloc_howto_type bfin_howto_table [] =
/* This reloc does nothing. . */
HOWTO (R_BFIN_UNUSED0, /* type. */
0, /* rightshift. */
- 2, /* size (0 = byte, 1 = short, 2 = long). */
- 32, /* bitsize. */
+ 3, /* size (0 = byte, 1 = short, 2 = long). */
+ 0, /* bitsize. */
FALSE, /* pc_relative. */
0, /* bitpos. */
- complain_overflow_bitfield, /* complain_on_overflow. */
+ complain_overflow_dont,/* complain_on_overflow. */
bfd_elf_generic_reloc, /* special_function. */
"R_BFIN_UNUSED0", /* name. */
FALSE, /* partial_inplace. */
@@ -451,11 +451,11 @@ static reloc_howto_type bfin_howto_table [] =
HOWTO (R_BFIN_UNUSED1, /* type. */
0, /* rightshift. */
- 2, /* size (0 = byte, 1 = short, 2 = long). */
- 32, /* bitsize. */
+ 3, /* size (0 = byte, 1 = short, 2 = long). */
+ 0, /* bitsize. */
FALSE, /* pc_relative. */
0, /* bitpos. */
- complain_overflow_bitfield, /* complain_on_overflow. */
+ complain_overflow_dont,/* complain_on_overflow. */
bfd_elf_generic_reloc, /* special_function. */
"R_BFIN_UNUSED1", /* name. */
FALSE, /* partial_inplace. */
@@ -581,8 +581,8 @@ static reloc_howto_type bfin_howto_table [] =
HOWTO (R_BFIN_UNUSEDB, /* type. */
0, /* rightshift. */
- 2, /* size (0 = byte, 1 = short, 2 = long). */
- 32, /* bitsize. */
+ 3, /* size (0 = byte, 1 = short, 2 = long). */
+ 0, /* bitsize. */
FALSE, /* pc_relative. */
0, /* bitpos. */
complain_overflow_dont, /* complain_on_overflow. */
@@ -595,8 +595,8 @@ static reloc_howto_type bfin_howto_table [] =
HOWTO (R_BFIN_UNUSEDC, /* type. */
0, /* rightshift. */
- 2, /* size (0 = byte, 1 = short, 2 = long). */
- 32, /* bitsize. */
+ 3, /* size (0 = byte, 1 = short, 2 = long). */
+ 0, /* bitsize. */
FALSE, /* pc_relative. */
0, /* bitpos. */
complain_overflow_dont, /* complain_on_overflow. */
diff --git a/bfd/elf32-cr16.c b/bfd/elf32-cr16.c
index 6dadcc1..862d9ff 100644
--- a/bfd/elf32-cr16.c
+++ b/bfd/elf32-cr16.c
@@ -115,8 +115,8 @@ static reloc_howto_type cr16_elf_howto_table[] =
{
HOWTO (R_CR16_NONE, /* type */
0, /* rightshift */
- 2, /* size */
- 32, /* bitsize */
+ 3, /* size */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
diff --git a/bfd/elf32-cris.c b/bfd/elf32-cris.c
index c516b2f..ce1cbfe 100644
--- a/bfd/elf32-cris.c
+++ b/bfd/elf32-cris.c
@@ -40,11 +40,11 @@ static reloc_howto_type cris_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_CRIS_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_CRIS_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-crx.c b/bfd/elf32-crx.c
index f2925f5..607ad9c 100644
--- a/bfd/elf32-crx.c
+++ b/bfd/elf32-crx.c
@@ -82,8 +82,8 @@ static reloc_howto_type crx_elf_howto_table[] =
{
HOWTO (R_CRX_NONE, /* type */
0, /* rightshift */
- 2, /* size */
- 32, /* bitsize */
+ 3, /* size */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont,/* complain_on_overflow */
diff --git a/bfd/elf32-d10v.c b/bfd/elf32-d10v.c
index f45e2db..6680864 100644
--- a/bfd/elf32-d10v.c
+++ b/bfd/elf32-d10v.c
@@ -33,8 +33,8 @@ static reloc_howto_type elf_d10v_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_D10V_NONE, /* Type. */
0, /* Rightshift. */
- 2, /* Size (0 = byte, 1 = short, 2 = long). */
- 32, /* Bitsize. */
+ 3, /* Size (0 = byte, 1 = short, 2 = long). */
+ 0, /* Bitsize. */
FALSE, /* PC_relative. */
0, /* Bitpos. */
complain_overflow_dont,/* Complain_on_overflow. */
diff --git a/bfd/elf32-d30v.c b/bfd/elf32-d30v.c
index 211a673..e39cdff 100644
--- a/bfd/elf32-d30v.c
+++ b/bfd/elf32-d30v.c
@@ -254,11 +254,11 @@ static reloc_howto_type elf_d30v_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_D30V_NONE, /* Type. */
0, /* Rightshift. */
- 2, /* Size (0 = byte, 1 = short, 2 = long). */
- 32, /* Bitsize. */
+ 3, /* Size (0 = byte, 1 = short, 2 = long). */
+ 0, /* Bitsize. */
FALSE, /* PC_relative. */
0, /* Bitpos. */
- complain_overflow_bitfield, /* Complain_on_overflow. */
+ complain_overflow_dont,/* Complain_on_overflow. */
bfd_elf_generic_reloc, /* Special_function. */
"R_D30V_NONE", /* Name. */
FALSE, /* Partial_inplace. */
diff --git a/bfd/elf32-dlx.c b/bfd/elf32-dlx.c
index 91441aa..978befd 100644
--- a/bfd/elf32-dlx.c
+++ b/bfd/elf32-dlx.c
@@ -237,7 +237,7 @@ static reloc_howto_type dlx_elf_howto_table[]=
/* No relocation. */
HOWTO (R_DLX_NONE, /* Type. */
0, /* Rightshift. */
- 0, /* size (0 = byte, 1 = short, 2 = long). */
+ 3, /* size (0 = byte, 1 = short, 2 = long). */
0, /* Bitsize. */
FALSE, /* PC_relative. */
0, /* Bitpos. */
diff --git a/bfd/elf32-epiphany.c b/bfd/elf32-epiphany.c
index 8d95cc9..133521f 100644
--- a/bfd/elf32-epiphany.c
+++ b/bfd/elf32-epiphany.c
@@ -63,7 +63,7 @@ static reloc_howto_type epiphany_elf_howto_table [] =
pr) /* pcrel_offset */
/* This reloc does nothing. */
- AHOW (R_EPIPHANY_NONE, 0, 0,32, FALSE, 0, complain_overflow_dont, "R_EPIPHANY_NONE", 0, 0),
+ AHOW (R_EPIPHANY_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont, "R_EPIPHANY_NONE", 0, 0),
/* 8 bit absolute (not likely) */
AHOW (R_EPIPHANY_8, 0, 0, 8, FALSE, 0, complain_overflow_bitfield, "R_EPIPHANY_8", 0x000000ff, 0x000000ff),
diff --git a/bfd/elf32-fr30.c b/bfd/elf32-fr30.c
index 022a0a9..3cc31b7 100644
--- a/bfd/elf32-fr30.c
+++ b/bfd/elf32-fr30.c
@@ -37,11 +37,11 @@ static reloc_howto_type fr30_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_FR30_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_FR30_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-frv.c b/bfd/elf32-frv.c
index 46f299b..714399a 100644
--- a/bfd/elf32-frv.c
+++ b/bfd/elf32-frv.c
@@ -34,11 +34,11 @@ static reloc_howto_type elf32_frv_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_FRV_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_FRV_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-h8300.c b/bfd/elf32-h8300.c
index e9eae94..983e8c2 100644
--- a/bfd/elf32-h8300.c
+++ b/bfd/elf32-h8300.c
@@ -61,7 +61,7 @@ static reloc_howto_type h8_elf_howto_table[] =
#define R_H8_NONE_X 0
HOWTO (R_H8_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-i370.c b/bfd/elf32-i370.c
index e28c257..3c32190 100644
--- a/bfd/elf32-i370.c
+++ b/bfd/elf32-i370.c
@@ -40,11 +40,11 @@ static reloc_howto_type i370_elf_howto_raw[] =
/* This reloc does nothing. */
HOWTO (R_I370_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_I370_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-i386.c b/bfd/elf32-i386.c
index 73141ee..1d463e5 100644
--- a/bfd/elf32-i386.c
+++ b/bfd/elf32-i386.c
@@ -37,7 +37,7 @@
static reloc_howto_type elf_howto_table[]=
{
- HOWTO(R_386_NONE, 0, 0, 0, FALSE, 0, complain_overflow_bitfield,
+ HOWTO(R_386_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont,
bfd_elf_generic_reloc, "R_386_NONE",
TRUE, 0x00000000, 0x00000000, FALSE),
HOWTO(R_386_32, 0, 2, 32, FALSE, 0, complain_overflow_bitfield,
diff --git a/bfd/elf32-i860.c b/bfd/elf32-i860.c
index de900c1..8920feb 100644
--- a/bfd/elf32-i860.c
+++ b/bfd/elf32-i860.c
@@ -264,11 +264,11 @@ static reloc_howto_type elf32_i860_howto_table [] =
/* This relocation does nothing. */
HOWTO (R_860_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_860_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-i960.c b/bfd/elf32-i960.c
index c6fbbb8..5030347 100644
--- a/bfd/elf32-i960.c
+++ b/bfd/elf32-i960.c
@@ -83,7 +83,7 @@ elf32_i960_relocate (bfd *abfd ATTRIBUTE_UNUSED,
static reloc_howto_type elf_howto_table[]=
{
- HOWTO (R_960_NONE, 0, 0, 0, FALSE, 0, complain_overflow_bitfield,
+ HOWTO (R_960_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont,
elf32_i960_relocate, "R_960_NONE", TRUE,
0x00000000, 0x00000000, FALSE),
EMPTY_HOWTO (1),
diff --git a/bfd/elf32-ip2k.c b/bfd/elf32-ip2k.c
index 79e1ecc..df12490 100644
--- a/bfd/elf32-ip2k.c
+++ b/bfd/elf32-ip2k.c
@@ -141,7 +141,7 @@ static reloc_howto_type ip2k_elf_howto_table [] =
pr) /* pcrel_offset */
/* This reloc does nothing. */
- IP2K_HOWTO (R_IP2K_NONE, 0,2,32, FALSE, 0, "R_IP2K_NONE", 0, 0),
+ IP2K_HOWTO (R_IP2K_NONE, 0,3,0, FALSE, 0, "R_IP2K_NONE", 0, 0),
/* A 16 bit absolute relocation. */
IP2K_HOWTO (R_IP2K_16, 0,1,16, FALSE, 0, "R_IP2K_16", 0, 0xffff),
/* A 32 bit absolute relocation. */
diff --git a/bfd/elf32-iq2000.c b/bfd/elf32-iq2000.c
index a6bf8d2..fc87891 100644
--- a/bfd/elf32-iq2000.c
+++ b/bfd/elf32-iq2000.c
@@ -34,11 +34,11 @@ static reloc_howto_type iq2000_elf_howto_table [] =
HOWTO (R_IQ2000_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont, /* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_IQ2000_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-lm32.c b/bfd/elf32-lm32.c
index 5f2b6b8..0ff5929 100644
--- a/bfd/elf32-lm32.c
+++ b/bfd/elf32-lm32.c
@@ -262,11 +262,11 @@ static reloc_howto_type lm32_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_LM32_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield,/* complain_on_overflow */
+ complain_overflow_dont, /* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_LM32_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-m32c.c b/bfd/elf32-m32c.c
index 3e2c802..be88738 100644
--- a/bfd/elf32-m32c.c
+++ b/bfd/elf32-m32c.c
@@ -40,6 +40,8 @@ void dump_symtab (bfd *, void *, void *);
#endif
static bfd_boolean m32c_elf_relax_section
(bfd *abfd, asection *sec, struct bfd_link_info *link_info, bfd_boolean *again);
+static bfd_reloc_status_type m32c_apply_reloc_24
+ (bfd *, arelent *, asymbol *, void *, asection *, bfd *, char **);
static reloc_howto_type m32c_elf_howto_table [] =
@@ -47,11 +49,11 @@ static reloc_howto_type m32c_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_M32C_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_M32C_NONE", /* name */
FALSE, /* partial_inplace */
@@ -83,7 +85,7 @@ static reloc_howto_type m32c_elf_howto_table [] =
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
- bfd_elf_generic_reloc, /* special_function */
+ m32c_apply_reloc_24, /* special_function */
"R_M32C_24", /* name */
FALSE, /* partial_inplace */
0, /* src_mask */
@@ -303,6 +305,48 @@ m32c_info_to_howto_rela
+/* Apply R_M32C_24 relocations. We have to do this because it's not a
+ power-of-two size, and the generic code may think it overruns the
+ section if it's right at the end.
+
+ Must return something other than bfd_reloc_continue to avoid the
+ above problem. Typical return values include bfd_reloc_ok or
+ bfd_reloc_overflow.
+*/
+
+static bfd_reloc_status_type m32c_apply_reloc_24 (bfd *abfd ATTRIBUTE_UNUSED,
+ arelent *reloc_entry,
+ asymbol *symbol,
+ void *vdata_start ATTRIBUTE_UNUSED,
+ asection *input_section,
+ bfd *ibfd ATTRIBUTE_UNUSED,
+ char **error_msg ATTRIBUTE_UNUSED)
+{
+ bfd_vma relocation;
+ bfd_reloc_status_type s;
+
+ s = bfd_elf_generic_reloc (abfd, reloc_entry, symbol,
+ vdata_start,
+ input_section, ibfd, error_msg);
+ if (s != bfd_reloc_continue)
+ return s;
+
+ /* Get symbol value. (Common symbols are special.) */
+ if (bfd_is_com_section (symbol->section))
+ relocation = 0;
+ else
+ relocation = symbol->value;
+
+ relocation += symbol->section->output_offset;
+
+ /* Add in supplied addend. */
+ relocation += reloc_entry->addend;
+
+ reloc_entry->addend = relocation;
+ reloc_entry->address += input_section->output_offset;
+ return bfd_reloc_ok;
+}
+
/* Relocate an M32C ELF section.
There is some attempt to make this function usable for many architectures,
both USE_REL and USE_RELA ['twould be nice if such a critter existed],
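Review bot: in m32c_apply_reloc_24 the parameters abfd, vdata_start, ibfd and error_msg are all marked ATTRIBUTE_UNUSED, yet each one is passed to bfd_elf_generic_reloc a few lines below, so the annotations are wrong and should be dropped. Also, the definition puts the return type and the function name on one line ("static bfd_reloc_status_type m32c_apply_reloc_24 (bfd *abfd ..."), whereas the neighbouring m32c_info_to_howto_rela and m32c_elf_relocate_section start the name on its own line.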
@@ -531,9 +575,32 @@ m32c_elf_relocate_section
printf ("\n");
}
#endif
- r = _bfd_final_link_relocate (howto, input_bfd, input_section,
- contents, rel->r_offset, relocation,
- rel->r_addend);
+ switch (ELF32_R_TYPE(rel->r_info))
+ {
+ case R_M32C_24:
+ /* Like m32c_apply_reloc_24, we must handle this one separately. */
+ relocation += rel->r_addend;
+
+ /* Sanity check the address. */
+ if (rel->r_offset + 3
+ > bfd_get_section_limit_octets (input_bfd, input_section))
+ r = bfd_reloc_outofrange;
+ else
+ {
+ bfd_put_8 (input_bfd, relocation & 0xff, contents + rel->r_offset);
+ bfd_put_8 (input_bfd, (relocation >> 8) & 0xff, contents + rel->r_offset + 1);
+ bfd_put_8 (input_bfd, (relocation >> 16) & 0xff, contents + rel->r_offset + 2);
+ r = bfd_reloc_ok;
+ }
+
+ break;
+
+ default:
+ r = _bfd_final_link_relocate (howto, input_bfd, input_section,
+ contents, rel->r_offset, relocation,
+ rel->r_addend);
+ break;
+ }
if (r != bfd_reloc_ok)
{
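Review bot: the sanity check "rel->r_offset + 3 > bfd_get_section_limit_octets (input_bfd, input_section)" in the R_M32C_24 case adds to r_offset before comparing, so for an r_offset within 3 of the maximum value of its type the sum wraps and the test passes, letting the three bfd_put_8 calls write outside the section contents. Compare without the addition, for example "limit < 3 || rel->r_offset > limit - 3" with limit holding the result of bfd_get_section_limit_octets. The second and third bfd_put_8 lines also run well past 80 columns.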
diff --git a/bfd/elf32-m32r.c b/bfd/elf32-m32r.c
index e6b45ab..951d43e 100644
--- a/bfd/elf32-m32r.c
+++ b/bfd/elf32-m32r.c
@@ -474,11 +474,11 @@ static reloc_howto_type m32r_elf_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_M32R_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_M32R_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-m68hc11.c b/bfd/elf32-m68hc11.c
index 2101bdf..00a77d0 100644
--- a/bfd/elf32-m68hc11.c
+++ b/bfd/elf32-m68hc11.c
@@ -65,8 +65,8 @@ static reloc_howto_type elf_m68hc11_howto_table[] = {
/* This reloc does nothing. */
HOWTO (R_M68HC11_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont,/* complain_on_overflow */
diff --git a/bfd/elf32-m68hc12.c b/bfd/elf32-m68hc12.c
index 7f48b7e..fd13354 100644
--- a/bfd/elf32-m68hc12.c
+++ b/bfd/elf32-m68hc12.c
@@ -107,8 +107,8 @@ static reloc_howto_type elf_m68hc11_howto_table[] = {
/* This reloc does nothing. */
HOWTO (R_M68HC11_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont,/* complain_on_overflow */
diff --git a/bfd/elf32-m68k.c b/bfd/elf32-m68k.c
index 9a42288..75ef6bc 100644
--- a/bfd/elf32-m68k.c
+++ b/bfd/elf32-m68k.c
@@ -31,7 +31,7 @@ elf_m68k_discard_copies (struct elf_link_hash_entry *, void *);
static reloc_howto_type howto_table[] =
{
- HOWTO(R_68K_NONE, 0, 0, 0, FALSE,0, complain_overflow_dont, bfd_elf_generic_reloc, "R_68K_NONE", FALSE, 0, 0x00000000,FALSE),
+ HOWTO(R_68K_NONE, 0, 3, 0, FALSE,0, complain_overflow_dont, bfd_elf_generic_reloc, "R_68K_NONE", FALSE, 0, 0x00000000,FALSE),
HOWTO(R_68K_32, 0, 2,32, FALSE,0, complain_overflow_bitfield, bfd_elf_generic_reloc, "R_68K_32", FALSE, 0, 0xffffffff,FALSE),
HOWTO(R_68K_16, 0, 1,16, FALSE,0, complain_overflow_bitfield, bfd_elf_generic_reloc, "R_68K_16", FALSE, 0, 0x0000ffff,FALSE),
HOWTO(R_68K_8, 0, 0, 8, FALSE,0, complain_overflow_bitfield, bfd_elf_generic_reloc, "R_68K_8", FALSE, 0, 0x000000ff,FALSE),
diff --git a/bfd/elf32-mcore.c b/bfd/elf32-mcore.c
index 903d379..3d37530 100644
--- a/bfd/elf32-mcore.c
+++ b/bfd/elf32-mcore.c
@@ -110,11 +110,11 @@ static reloc_howto_type mcore_elf_howto_raw[] =
/* This reloc does nothing. */
HOWTO (R_MCORE_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
NULL, /* special_function */
"R_MCORE_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-mep.c b/bfd/elf32-mep.c
index 548359f..ac51df4 100644
--- a/bfd/elf32-mep.c
+++ b/bfd/elf32-mep.c
@@ -42,7 +42,7 @@ static bfd_reloc_status_type mep_reloc (bfd *, arelent *, struct bfd_symbol *,
static reloc_howto_type mep_elf_howto_table [] =
{
/* type, size, bits, leftshift, rightshift, pcrel, OD/OS/OU, mask. */
- MEPREL (R_MEP_NONE, 0, 0, 0, 0, 0, N, 0),
+ MEPREL (R_MEP_NONE, 3, 0, 0, 0, 0, N, 0),
MEPREL (R_RELC, 0, 0, 0, 0, 0, N, 0),
/* MEPRELOC:HOWTO */
/* This section generated from bfd/mep-relocs.pl from include/elf/mep.h. */
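Review bot: only R_MEP_NONE is moved to size 3; the R_RELC entry on the next line is left as "MEPREL (R_RELC, 0, 0, 0, 0, 0, N, 0)", that is size 0 with 0 bits. If R_RELC is also a reloc that writes nothing, it wants the same change; if it is deliberately left alone, a comment saying why would help. The legend comment above the table ("type, size, bits, ...") also gives no meaning for a size of 3.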
diff --git a/bfd/elf32-metag.c b/bfd/elf32-metag.c
index a68b51c..209baed 100644
--- a/bfd/elf32-metag.c
+++ b/bfd/elf32-metag.c
@@ -142,7 +142,7 @@ static reloc_howto_type elf_metag_howto_table[] =
/* No relocation. */
HOWTO (R_METAG_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-microblaze.c b/bfd/elf32-microblaze.c
index a4cc6a3..64487af 100644
--- a/bfd/elf32-microblaze.c
+++ b/bfd/elf32-microblaze.c
@@ -44,11 +44,11 @@ static reloc_howto_type microblaze_elf_howto_raw[] =
/* This reloc does nothing. */
HOWTO (R_MICROBLAZE_NONE, /* Type. */
0, /* Rightshift. */
- 2, /* Size (0 = byte, 1 = short, 2 = long). */
- 32, /* Bitsize. */
+ 3, /* Size (0 = byte, 1 = short, 2 = long). */
+ 0, /* Bitsize. */
FALSE, /* PC_relative. */
0, /* Bitpos. */
- complain_overflow_bitfield, /* Complain on overflow. */
+ complain_overflow_dont,/* Complain on overflow. */
NULL, /* Special Function. */
"R_MICROBLAZE_NONE", /* Name. */
FALSE, /* Partial Inplace. */
@@ -179,11 +179,11 @@ static reloc_howto_type microblaze_elf_howto_raw[] =
/* This reloc does nothing. Used for relaxation. */
HOWTO (R_MICROBLAZE_64_NONE, /* Type. */
0, /* Rightshift. */
- 2, /* Size (0 = byte, 1 = short, 2 = long). */
- 32, /* Bitsize. */
+ 3, /* Size (0 = byte, 1 = short, 2 = long). */
+ 0, /* Bitsize. */
TRUE, /* PC_relative. */
0, /* Bitpos. */
- complain_overflow_bitfield, /* Complain on overflow. */
+ complain_overflow_dont,/* Complain on overflow. */
NULL, /* Special Function. */
"R_MICROBLAZE_64_NONE",/* Name. */
FALSE, /* Partial Inplace. */
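Review bot: R_MICROBLAZE_64_NONE is changed to size 3 and bitsize 0 but keeps PC_relative TRUE, and its comment says it is "Used for relaxation". Please confirm that the relaxation code does not depend on the old size or bitsize of this entry, and consider whether PC_relative TRUE still means anything for a reloc that now covers no bits.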
diff --git a/bfd/elf32-mips.c b/bfd/elf32-mips.c
index 78ae1dd..af661c4 100644
--- a/bfd/elf32-mips.c
+++ b/bfd/elf32-mips.c
@@ -107,7 +107,7 @@ static reloc_howto_type elf_mips_howto_table_rel[] =
/* No relocation. */
HOWTO (R_MIPS_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-moxie.c b/bfd/elf32-moxie.c
index 1f685b9..fab19d8 100644
--- a/bfd/elf32-moxie.c
+++ b/bfd/elf32-moxie.c
@@ -34,11 +34,11 @@ static reloc_howto_type moxie_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_MOXIE_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_MOXIE_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-msp430.c b/bfd/elf32-msp430.c
index 2f55c53..593cd81 100644
--- a/bfd/elf32-msp430.c
+++ b/bfd/elf32-msp430.c
@@ -30,11 +30,11 @@ static reloc_howto_type elf_msp430_howto_table[] =
{
HOWTO (R_MSP430_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield,/* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_MSP430_NONE", /* name */
FALSE, /* partial_inplace */
@@ -197,11 +197,11 @@ static reloc_howto_type elf_msp430x_howto_table[] =
{
HOWTO (R_MSP430_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield,/* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_MSP430_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-mt.c b/bfd/elf32-mt.c
index 6df1521..5ae4e19 100644
--- a/bfd/elf32-mt.c
+++ b/bfd/elf32-mt.c
@@ -48,8 +48,8 @@ static reloc_howto_type mt_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_MT_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
diff --git a/bfd/elf32-nds32.c b/bfd/elf32-nds32.c
index 2b63024..dbfa85e 100644
--- a/bfd/elf32-nds32.c
+++ b/bfd/elf32-nds32.c
@@ -321,11 +321,11 @@ static reloc_howto_type nds32_elf_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_NDS32_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_NDS32_NONE", /* name */
FALSE, /* partial_inplace */
@@ -4182,11 +4182,10 @@ nds32_relocate_contents (reloc_howto_type *howto, bfd *input_bfd,
switch (size)
{
default:
- case 0:
- case 1:
- case 8:
abort ();
break;
+ case 0:
+ return bfd_reloc_ok;
case 2:
x = bfd_getb16 (location);
break;
diff --git a/bfd/elf32-nios2.c b/bfd/elf32-nios2.c
index 2739961..0105b70 100644
--- a/bfd/elf32-nios2.c
+++ b/bfd/elf32-nios2.c
@@ -80,7 +80,7 @@ static reloc_howto_type elf_nios2_howto_table_rel[] = {
/* No relocation. */
HOWTO (R_NIOS2_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
@@ -764,6 +764,7 @@ struct elf_reloc_map
};
static const struct elf_reloc_map nios2_reloc_map[] = {
+ {BFD_RELOC_NONE, R_NIOS2_NONE},
{BFD_RELOC_NIOS2_S16, R_NIOS2_S16},
{BFD_RELOC_NIOS2_U16, R_NIOS2_U16},
{BFD_RELOC_16_PCREL, R_NIOS2_PCREL16},
diff --git a/bfd/elf32-or1k.c b/bfd/elf32-or1k.c
index e5b7bad..fd8fb83 100644
--- a/bfd/elf32-or1k.c
+++ b/bfd/elf32-or1k.c
@@ -60,8 +60,8 @@ static reloc_howto_type or1k_elf_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_OR1K_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
diff --git a/bfd/elf32-pj.c b/bfd/elf32-pj.c
index 84b61f9..4a1655e 100644
--- a/bfd/elf32-pj.c
+++ b/bfd/elf32-pj.c
@@ -113,7 +113,7 @@ static reloc_howto_type pj_elf_howto_table[] =
/* No relocation. */
HOWTO (R_PJ_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-ppc.c b/bfd/elf32-ppc.c
index ea690a7..af3c10c 100644
--- a/bfd/elf32-ppc.c
+++ b/bfd/elf32-ppc.c
@@ -187,8 +187,8 @@ static reloc_howto_type ppc_elf_howto_raw[] = {
/* This reloc does nothing. */
HOWTO (R_PPC_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
@@ -2057,9 +2057,6 @@ ppc_elf_addr16_ha_reloc (bfd *abfd ATTRIBUTE_UNUSED,
return bfd_reloc_ok;
}
- if (reloc_entry->address > bfd_get_section_limit (abfd, input_section))
- return bfd_reloc_outofrange;
-
if (bfd_is_com_section (symbol->section))
relocation = 0;
else
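Review bot: removing the "reloc_entry->address > bfd_get_section_limit (abfd, input_section)" test from ppc_elf_addr16_ha_reloc leaves no range check visible in this function, and nothing in the hunk says where the check is now performed. If the intent is that a later generic path does a stricter check that accounts for the reloc size, please state that in a comment or the ChangeLog entry, since in a patch that otherwise adds bounds checks a silent removal is easy to misread.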
diff --git a/bfd/elf32-rl78.c b/bfd/elf32-rl78.c
index 2a5ec99..3574ed3 100644
--- a/bfd/elf32-rl78.c
+++ b/bfd/elf32-rl78.c
@@ -37,7 +37,7 @@
static reloc_howto_type rl78_elf_howto_table [] =
{
- RL78REL (NONE, 0, 0, 0, dont, FALSE),
+ RL78REL (NONE, 3, 0, 0, dont, FALSE),
RL78REL (DIR32, 2, 32, 0, signed, FALSE),
RL78REL (DIR24S, 2, 24, 0, signed, FALSE),
RL78REL (DIR16, 1, 16, 0, dont, FALSE),
diff --git a/bfd/elf32-rx.c b/bfd/elf32-rx.c
index 5d09f21..3073b32 100644
--- a/bfd/elf32-rx.c
+++ b/bfd/elf32-rx.c
@@ -49,7 +49,7 @@ void rx_dump_symtab (bfd *, void *, void *);
static reloc_howto_type rx_elf_howto_table [] =
{
- RXREL (NONE, 0, 0, 0, dont, FALSE),
+ RXREL (NONE, 3, 0, 0, dont, FALSE),
RXREL (DIR32, 2, 32, 0, signed, FALSE),
RXREL (DIR24S, 2, 24, 0, signed, FALSE),
RXREL (DIR16, 1, 16, 0, dont, FALSE),
diff --git a/bfd/elf32-s390.c b/bfd/elf32-s390.c
index 73df41a..3b050a8 100644
--- a/bfd/elf32-s390.c
+++ b/bfd/elf32-s390.c
@@ -39,7 +39,7 @@ static reloc_howto_type elf_howto_table[] =
{
HOWTO (R_390_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */
+ 3, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-score.c b/bfd/elf32-score.c
index 1ab54cd..fc4df66 100644
--- a/bfd/elf32-score.c
+++ b/bfd/elf32-score.c
@@ -645,7 +645,7 @@ static reloc_howto_type elf32_score_howto_table[] =
/* No relocation. */
HOWTO (R_SCORE_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-score7.c b/bfd/elf32-score7.c
index 0b3cf20..d605a46 100644
--- a/bfd/elf32-score7.c
+++ b/bfd/elf32-score7.c
@@ -546,7 +546,7 @@ static reloc_howto_type elf32_score_howto_table[] =
/* No relocation. */
HOWTO (R_SCORE_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-sh-relocs.h b/bfd/elf32-sh-relocs.h
index fb54c9a..a20828d 100644
--- a/bfd/elf32-sh-relocs.h
+++ b/bfd/elf32-sh-relocs.h
@@ -20,7 +20,7 @@
/* No relocation. */
HOWTO (R_SH_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-sh.c b/bfd/elf32-sh.c
index a737044..ecb8c17 100644
--- a/bfd/elf32-sh.c
+++ b/bfd/elf32-sh.c
@@ -255,6 +255,11 @@ sh_elf_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol_in,
&& bfd_is_und_section (symbol_in->section))
return bfd_reloc_undefined;
+ /* PR 17512: file: 9891ca98. */
+ if (addr * bfd_octets_per_byte (abfd) + bfd_get_reloc_size (reloc_entry->howto)
+ > bfd_get_section_limit_octets (abfd, input_section))
+ return bfd_reloc_outofrange;
+
if (bfd_is_com_section (symbol_in->section))
sym_value = 0;
else
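Review bot: the sum addr * bfd_octets_per_byte (abfd) + bfd_get_reloc_size (reloc_entry->howto) in the new check can wrap when addr comes from a malformed file and is close to the maximum of its type, and a wrapped sum passes the comparison. Compare by subtraction instead: reject when the reloc size exceeds the section limit, or when the octet offset is greater than the limit minus the reloc size.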
diff --git a/bfd/elf32-spu.c b/bfd/elf32-spu.c
index 13806ad..ce7001d 100644
--- a/bfd/elf32-spu.c
+++ b/bfd/elf32-spu.c
@@ -37,7 +37,7 @@ static bfd_reloc_status_type spu_elf_rel9 (bfd *, arelent *, asymbol *,
array, so it must be declared in the order of that type. */
static reloc_howto_type elf_howto_table[] = {
- HOWTO (R_SPU_NONE, 0, 0, 0, FALSE, 0, complain_overflow_dont,
+ HOWTO (R_SPU_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont,
bfd_elf_generic_reloc, "SPU_NONE",
FALSE, 0, 0x00000000, FALSE),
HOWTO (R_SPU_ADDR10, 4, 2, 10, FALSE, 14, complain_overflow_bitfield,
@@ -105,6 +105,8 @@ spu_elf_bfd_to_reloc_type (bfd_reloc_code_real_type code)
switch (code)
{
default:
+ return (enum elf_spu_reloc_type) -1;
+ case BFD_RELOC_NONE:
return R_SPU_NONE;
case BFD_RELOC_SPU_IMM10W:
return R_SPU_ADDR10;
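Review bot: with default now returning (enum elf_spu_reloc_type) -1, every caller of spu_elf_bfd_to_reloc_type has to test for -1 before using the result as an index into elf_howto_table, and no such test is visible in this hunk. Please confirm the callers were updated in the same change, and consider a named invalid value instead of the cast -1.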
diff --git a/bfd/elf32-tic6x.c b/bfd/elf32-tic6x.c
index 9f17979..0f6f459 100644
--- a/bfd/elf32-tic6x.c
+++ b/bfd/elf32-tic6x.c
@@ -152,7 +152,7 @@ static reloc_howto_type elf32_tic6x_howto_table[] =
{
HOWTO (R_C6000_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
@@ -820,7 +820,7 @@ static reloc_howto_type elf32_tic6x_howto_table_rel[] =
{
HOWTO (R_C6000_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-tilepro.c b/bfd/elf32-tilepro.c
index 0959924..9c8a478 100644
--- a/bfd/elf32-tilepro.c
+++ b/bfd/elf32-tilepro.c
@@ -34,11 +34,11 @@ static reloc_howto_type tilepro_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_TILEPRO_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_TILEPRO_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-v850.c b/bfd/elf32-v850.c
index 2589a25..7f69acb 100644
--- a/bfd/elf32-v850.c
+++ b/bfd/elf32-v850.c
@@ -895,11 +895,11 @@ static reloc_howto_type v850_elf_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_V850_NONE, /* Type. */
0, /* Rightshift. */
- 2, /* Size (0 = byte, 1 = short, 2 = long). */
- 32, /* Bitsize. */
+ 3, /* Size (0 = byte, 1 = short, 2 = long). */
+ 0, /* Bitsize. */
FALSE, /* PC_relative. */
0, /* Bitpos. */
- complain_overflow_bitfield, /* Complain_on_overflow. */
+ complain_overflow_dont, /* Complain_on_overflow. */
bfd_elf_generic_reloc, /* Special_function. */
"R_V850_NONE", /* Name. */
FALSE, /* Partial_inplace. */
diff --git a/bfd/elf32-vax.c b/bfd/elf32-vax.c
index 05e65e9..943b230 100644
--- a/bfd/elf32-vax.c
+++ b/bfd/elf32-vax.c
@@ -56,7 +56,7 @@ static bfd_boolean elf32_vax_print_private_bfd_data (bfd *, void *);
static reloc_howto_type howto_table[] = {
HOWTO (R_VAX_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf32-xc16x.c b/bfd/elf32-xc16x.c
index 9e7deca..348cd1f 100644
--- a/bfd/elf32-xc16x.c
+++ b/bfd/elf32-xc16x.c
@@ -32,11 +32,11 @@ static reloc_howto_type xc16x_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_XC16X_NONE, /* type */
0, /* rightshift */
- 1, /* size (0 = byte, 1 = short, 2 = long) */
- 16, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_XC16X_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-xgate.c b/bfd/elf32-xgate.c
index 01f39fa..1ee0ce4 100644
--- a/bfd/elf32-xgate.c
+++ b/bfd/elf32-xgate.c
@@ -52,8 +52,8 @@ static reloc_howto_type elf_xgate_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_XGATE_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont,/* complain_on_overflow */
diff --git a/bfd/elf32-xstormy16.c b/bfd/elf32-xstormy16.c
index f918a1e..90c1171 100644
--- a/bfd/elf32-xstormy16.c
+++ b/bfd/elf32-xstormy16.c
@@ -73,11 +73,11 @@ static reloc_howto_type xstormy16_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_XSTORMY16_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_XSTORMY16_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf32-xtensa.c b/bfd/elf32-xtensa.c
index e32496a..09476f2 100644
--- a/bfd/elf32-xtensa.c
+++ b/bfd/elf32-xtensa.c
@@ -161,7 +161,7 @@ int elf32xtensa_no_literal_movement = 1;
static reloc_howto_type elf_howto_table[] =
{
- HOWTO (R_XTENSA_NONE, 0, 0, 0, FALSE, 0, complain_overflow_dont,
+ HOWTO (R_XTENSA_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont,
bfd_elf_xtensa_reloc, "R_XTENSA_NONE",
FALSE, 0, 0, FALSE),
HOWTO (R_XTENSA_32, 0, 2, 32, FALSE, 0, complain_overflow_bitfield,
diff --git a/bfd/elf64-alpha.c b/bfd/elf64-alpha.c
index 1a4fc23..042dae3 100644
--- a/bfd/elf64-alpha.c
+++ b/bfd/elf64-alpha.c
@@ -486,8 +486,8 @@ static reloc_howto_type elf64_alpha_howto_table[] =
{
HOWTO (R_ALPHA_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
- 8, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
TRUE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
diff --git a/bfd/elf64-mips.c b/bfd/elf64-mips.c
index eb7e1fb..cbf504a 100644
--- a/bfd/elf64-mips.c
+++ b/bfd/elf64-mips.c
@@ -145,7 +145,7 @@ static reloc_howto_type mips_elf64_howto_table_rel[] =
/* No relocation. */
HOWTO (R_MIPS_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
@@ -908,7 +908,7 @@ static reloc_howto_type mips_elf64_howto_table_rela[] =
/* No relocation. */
HOWTO (R_MIPS_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf64-mmix.c b/bfd/elf64-mmix.c
index 58fca92..585dad9 100644
--- a/bfd/elf64-mmix.c
+++ b/bfd/elf64-mmix.c
@@ -192,11 +192,11 @@ static reloc_howto_type elf_mmix_howto_table[] =
/* This reloc does nothing. */
HOWTO (R_MMIX_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_MMIX_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/elf64-ppc.c b/bfd/elf64-ppc.c
index bcd1f6f..327004c 100644
--- a/bfd/elf64-ppc.c
+++ b/bfd/elf64-ppc.c
@@ -258,8 +258,8 @@ static reloc_howto_type ppc64_elf_howto_raw[] = {
/* This reloc does nothing. */
HOWTO (R_PPC64_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
complain_overflow_dont, /* complain_on_overflow */
diff --git a/bfd/elf64-s390.c b/bfd/elf64-s390.c
index 1e68afb..9745ea4 100644
--- a/bfd/elf64-s390.c
+++ b/bfd/elf64-s390.c
@@ -42,7 +42,7 @@ static reloc_howto_type elf_howto_table[] =
{
HOWTO (R_390_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */
+ 3, /* size (0 = byte, 1 = 2 byte, 2 = 4 byte) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf64-sh64.c b/bfd/elf64-sh64.c
index 79cab57..b0208c0 100644
--- a/bfd/elf64-sh64.c
+++ b/bfd/elf64-sh64.c
@@ -105,7 +105,7 @@ static reloc_howto_type sh_elf64_howto_table[] = {
/* No relocation. */
HOWTO (R_SH_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elf64-x86-64.c b/bfd/elf64-x86-64.c
index a6a4bfc..08585de 100644
--- a/bfd/elf64-x86-64.c
+++ b/bfd/elf64-x86-64.c
@@ -54,7 +54,7 @@
special_function, name, partial_inplace, src_mask, dst_mask, pcrel_offset. */
static reloc_howto_type x86_64_elf_howto_table[] =
{
- HOWTO(R_X86_64_NONE, 0, 0, 0, FALSE, 0, complain_overflow_dont,
+ HOWTO(R_X86_64_NONE, 0, 3, 0, FALSE, 0, complain_overflow_dont,
bfd_elf_generic_reloc, "R_X86_64_NONE", FALSE, 0x00000000, 0x00000000,
FALSE),
HOWTO(R_X86_64_64, 0, 4, 64, FALSE, 0, complain_overflow_bitfield,
diff --git a/bfd/elflink.c b/bfd/elflink.c
index f314842..8298124 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -10326,7 +10326,7 @@ elf_reloc_link_order (bfd *output_bfd,
size = (bfd_size_type) bfd_get_reloc_size (howto);
buf = (bfd_byte *) bfd_zmalloc (size);
- if (buf == NULL)
+ if (buf == NULL && size != 0)
return FALSE;
rstat = _bfd_relocate_contents (howto, output_bfd, addend, buf);
switch (rstat)
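Review bot: after relaxing the test to buf == NULL && size != 0, a NULL buf can reach _bfd_relocate_contents (howto, output_bfd, addend, buf) when size is 0. That is only safe if _bfd_relocate_contents never touches the buffer for a zero-size howto; a comment stating that, or an early path for size == 0, would make the dependency explicit.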
diff --git a/bfd/elfn32-mips.c b/bfd/elfn32-mips.c
index 9ddde24..d65e11b 100644
--- a/bfd/elfn32-mips.c
+++ b/bfd/elfn32-mips.c
@@ -108,7 +108,7 @@ static reloc_howto_type elf_mips_howto_table_rel[] =
/* No relocation. */
HOWTO (R_MIPS_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elfnn-aarch64.c b/bfd/elfnn-aarch64.c
index be9ef6e..a00e228 100644
--- a/bfd/elfnn-aarch64.c
+++ b/bfd/elfnn-aarch64.c
@@ -296,7 +296,7 @@ static reloc_howto_type elfNN_aarch64_howto_table[] =
#if ARCH_SIZE == 64
HOWTO (R_AARCH64_NULL, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
@@ -310,7 +310,7 @@ static reloc_howto_type elfNN_aarch64_howto_table[] =
#else
HOWTO (R_AARCH64_NONE, /* type */
0, /* rightshift */
- 0, /* size (0 = byte, 1 = short, 2 = long) */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
diff --git a/bfd/elfxx-aarch64.c b/bfd/elfxx-aarch64.c
index 6ae4adf..fdb09f0 100644
--- a/bfd/elfxx-aarch64.c
+++ b/bfd/elfxx-aarch64.c
@@ -187,6 +187,8 @@ _bfd_aarch64_elf_put_addend (bfd *abfd,
size = bfd_get_reloc_size (howto);
switch (size)
{
+ case 0:
+ return status;
case 2:
contents = bfd_get_16 (abfd, address);
break;
diff --git a/bfd/elfxx-ia64.c b/bfd/elfxx-ia64.c
index e9f884b..c3bc0a7 100644
--- a/bfd/elfxx-ia64.c
+++ b/bfd/elfxx-ia64.c
@@ -91,7 +91,7 @@ ia64_elf_reloc (bfd *abfd ATTRIBUTE_UNUSED, arelent *reloc,
TYPE field. */
static reloc_howto_type ia64_howto_table[] =
{
- IA64_HOWTO (R_IA64_NONE, "NONE", 0, FALSE, TRUE),
+ IA64_HOWTO (R_IA64_NONE, "NONE", 3, FALSE, TRUE),
IA64_HOWTO (R_IA64_IMM14, "IMM14", 0, FALSE, TRUE),
IA64_HOWTO (R_IA64_IMM22, "IMM22", 0, FALSE, TRUE),
diff --git a/bfd/elfxx-mips.c b/bfd/elfxx-mips.c
index 0df7abf..7bf545b 100644
--- a/bfd/elfxx-mips.c
+++ b/bfd/elfxx-mips.c
@@ -6194,11 +6194,13 @@ mips_elf_obtain_contents (reloc_howto_type *howto,
const Elf_Internal_Rela *relocation,
bfd *input_bfd, bfd_byte *contents)
{
- bfd_vma x;
+ bfd_vma x = 0;
bfd_byte *location = contents + relocation->r_offset;
+ unsigned int size = bfd_get_reloc_size (howto);
/* Obtain the bytes. */
- x = bfd_get ((8 * bfd_get_reloc_size (howto)), input_bfd, location);
+ if (size != 0)
+ x = bfd_get (8 * size, input_bfd, location);
return x;
}
@@ -6223,6 +6225,7 @@ mips_elf_perform_relocation (struct bfd_link_info *info,
bfd_vma x;
bfd_byte *location;
int r_type = ELF_R_TYPE (input_bfd, relocation->r_info);
+ unsigned int size;
/* Figure out where the relocation is occurring. */
location = contents + relocation->r_offset;
@@ -6316,7 +6319,9 @@ mips_elf_perform_relocation (struct bfd_link_info *info,
}
/* Put the value into the output. */
- bfd_put (8 * bfd_get_reloc_size (howto), input_bfd, x, location);
+ size = bfd_get_reloc_size (howto);
+ if (size != 0)
+ bfd_put (8 * size, input_bfd, x, location);
_bfd_mips_elf_reloc_shuffle (input_bfd, r_type, !info->relocatable,
location);
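Review bot: in mips_elf_perform_relocation the bfd_put is now skipped when size is 0, but _bfd_mips_elf_reloc_shuffle (input_bfd, r_type, !info->relocatable, location) still runs on location. If a zero-size reloc should leave the section contents alone, guard the shuffle with the same size test, or add a comment on why it is harmless here.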
diff --git a/bfd/elfxx-sparc.c b/bfd/elfxx-sparc.c
index a56493f..2023229 100644
--- a/bfd/elfxx-sparc.c
+++ b/bfd/elfxx-sparc.c
@@ -209,7 +209,7 @@ sparc_elf_lox10_reloc (bfd *abfd, arelent *reloc_entry, asymbol *symbol,
static reloc_howto_type _bfd_sparc_elf_howto_table[] =
{
- HOWTO(R_SPARC_NONE, 0,0, 0,FALSE,0,complain_overflow_dont, bfd_elf_generic_reloc, "R_SPARC_NONE", FALSE,0,0x00000000,TRUE),
+ HOWTO(R_SPARC_NONE, 0,3, 0,FALSE,0,complain_overflow_dont, bfd_elf_generic_reloc, "R_SPARC_NONE", FALSE,0,0x00000000,TRUE),
HOWTO(R_SPARC_8, 0,0, 8,FALSE,0,complain_overflow_bitfield,bfd_elf_generic_reloc, "R_SPARC_8", FALSE,0,0x000000ff,TRUE),
HOWTO(R_SPARC_16, 0,1,16,FALSE,0,complain_overflow_bitfield,bfd_elf_generic_reloc, "R_SPARC_16", FALSE,0,0x0000ffff,TRUE),
HOWTO(R_SPARC_32, 0,2,32,FALSE,0,complain_overflow_bitfield,bfd_elf_generic_reloc, "R_SPARC_32", FALSE,0,0xffffffff,TRUE),
diff --git a/bfd/elfxx-tilegx.c b/bfd/elfxx-tilegx.c
index 90f4395..dcdec70 100644
--- a/bfd/elfxx-tilegx.c
+++ b/bfd/elfxx-tilegx.c
@@ -72,11 +72,11 @@ static reloc_howto_type tilegx_elf_howto_table [] =
/* This reloc does nothing. */
HOWTO (R_TILEGX_NONE, /* type */
0, /* rightshift */
- 2, /* size (0 = byte, 1 = short, 2 = long) */
- 32, /* bitsize */
+ 3, /* size (0 = byte, 1 = short, 2 = long) */
+ 0, /* bitsize */
FALSE, /* pc_relative */
0, /* bitpos */
- complain_overflow_bitfield, /* complain_on_overflow */
+ complain_overflow_dont,/* complain_on_overflow */
bfd_elf_generic_reloc, /* special_function */
"R_TILEGX_NONE", /* name */
FALSE, /* partial_inplace */
diff --git a/bfd/format.c b/bfd/format.c
index c4bc944..f0d1e66 100644
--- a/bfd/format.c
+++ b/bfd/format.c
@@ -402,7 +402,7 @@ bfd_check_format_matches (bfd *abfd, bfd_format format, char ***matching)
/* We still have more than one equally good match, and at least some
of the targets support match priority. Choose the first of the
best matches. */
- if (match_count > 1 && best_count != match_count)
+ if (matching_vector && match_count > 1 && best_count != match_count)
{
int i;
diff --git a/bfd/ieee.c b/bfd/ieee.c
index 313834e..04ac666 100644
--- a/bfd/ieee.c
+++ b/bfd/ieee.c
@@ -170,9 +170,16 @@ ieee_write_id (bfd *abfd, const char *id)
standard requires. */
#define this_byte(ieee) *((ieee)->input_p)
-#define next_byte(ieee) ((ieee)->input_p++)
#define this_byte_and_next(ieee) (*((ieee)->input_p++))
+static bfd_boolean
+next_byte (common_header_type * ieee)
+{
+ ieee->input_p++;
+
+ return ieee->input_p < ieee->last_byte;
+}
+
static unsigned short
read_2bytes (common_header_type *ieee)
{
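Review bot: next_byte increments input_p before it tests against last_byte, so a caller that ignores a FALSE result and calls again moves the pointer further past the end, and this_byte_and_next, kept as a macro just above, still dereferences and advances with no bound at all. Consider advancing only while input_p < last_byte, and giving this_byte_and_next the same treatment.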
@@ -348,15 +355,15 @@ parse_int (common_header_type *ieee, bfd_vma *value_ptr)
if (value >= 0 && value <= 127)
{
*value_ptr = value;
- next_byte (ieee);
- return TRUE;
+ return next_byte (ieee);
}
else if (value >= 0x80 && value <= 0x88)
{
unsigned int count = value & 0xf;
result = 0;
- next_byte (ieee);
+ if (! next_byte (ieee))
+ return FALSE;
while (count)
{
result = (result << 8) | this_byte_and_next (ieee);
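Review bot: the while (count) loop still reads up to eight bytes through this_byte_and_next (ieee) with no check against last_byte, so a length byte in the 0x80 to 0x88 range near the end of the buffer reads past it even though the next_byte call before the loop succeeded. Check the remaining length against count before the loop, or test the bound on each iteration and return FALSE.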
@@ -496,7 +503,7 @@ static reloc_howto_type rel8_howto =
static ieee_symbol_index_type NOSYMBOL = {0, 0};
-static void
+static bfd_boolean
parse_expression (ieee_data_type *ieee,
bfd_vma *value,
ieee_symbol_index_type *symbol,
@@ -529,68 +536,83 @@ parse_expression (ieee_data_type *ieee,
{
int section_n;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
*pcrel = TRUE;
section_n = must_parse_int (&(ieee->h));
(void) section_n;
PUSH (NOSYMBOL, bfd_abs_section_ptr, 0);
break;
}
+
case ieee_variable_L_enum:
/* L variable address of section N. */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
PUSH (NOSYMBOL, ieee->section_table[must_parse_int (&(ieee->h))], 0);
break;
+
case ieee_variable_R_enum:
/* R variable, logical address of section module. */
/* FIXME, this should be different to L. */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
PUSH (NOSYMBOL, ieee->section_table[must_parse_int (&(ieee->h))], 0);
break;
+
case ieee_variable_S_enum:
/* S variable, size in MAUS of section module. */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
PUSH (NOSYMBOL,
0,
ieee->section_table[must_parse_int (&(ieee->h))]->size);
break;
+
case ieee_variable_I_enum:
/* Push the address of variable n. */
{
ieee_symbol_index_type sy;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
sy.index = (int) must_parse_int (&(ieee->h));
sy.letter = 'I';
PUSH (sy, bfd_abs_section_ptr, 0);
}
break;
+
case ieee_variable_X_enum:
/* Push the address of external variable n. */
{
ieee_symbol_index_type sy;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
+
sy.index = (int) (must_parse_int (&(ieee->h)));
sy.letter = 'X';
PUSH (sy, bfd_und_section_ptr, 0);
}
break;
+
case ieee_function_minus_enum:
{
bfd_vma value1, value2;
asection *section1, *section_dummy;
ieee_symbol_index_type sy;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
POP (sy, section1, value1);
POP (sy, section_dummy, value2);
PUSH (sy, section1 ? section1 : section_dummy, value2 - value1);
}
break;
+
case ieee_function_plus_enum:
{
bfd_vma value1, value2;
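Review bot: the L, R and S cases index ieee->section_table with the raw result of must_parse_int (&(ieee->h)), and the S case then dereferences ->size, with no check that the index is in range or that the entry is non-NULL. Since parse_expression now has a failure return, validate the index first and return FALSE for a bad one.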
@@ -599,7 +621,8 @@ parse_expression (ieee_data_type *ieee,
ieee_symbol_index_type sy1;
ieee_symbol_index_type sy2;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
POP (sy1, section1, value1);
POP (sy2, section2, value2);
@@ -608,6 +631,7 @@ parse_expression (ieee_data_type *ieee,
value1 + value2);
}
break;
+
default:
{
bfd_vma va;
@@ -644,17 +668,9 @@ parse_expression (ieee_data_type *ieee,
POP (*symbol, dummy, *value);
if (section)
*section = dummy;
-}
-
-#define ieee_seek(ieee, offset) \
- do \
- { \
- ieee->h.input_p = ieee->h.first_byte + offset; \
- ieee->h.last_byte = (ieee->h.first_byte \
- + ieee_part_after (ieee, offset)); \
- } \
- while (0)
+ return TRUE;
+}
#define ieee_pos(ieee) \
(ieee->h.input_p - ieee->h.first_byte)
@@ -676,6 +692,22 @@ ieee_part_after (ieee_data_type *ieee, file_ptr here)
return after;
}
+static bfd_boolean
+ieee_seek (ieee_data_type * ieee, file_ptr offset)
+{
+ /* PR 17512: file: 017-1157-0.004. */
+ if (offset < 0 || (bfd_size_type) offset >= ieee->h.total_amt)
+ {
+ ieee->h.input_p = ieee->h.first_byte + ieee->h.total_amt;
+ ieee->h.last_byte = ieee->h.input_p;
+ return FALSE;
+ }
+
+ ieee->h.input_p = ieee->h.first_byte + offset;
+ ieee->h.last_byte = (ieee->h.first_byte + ieee_part_after (ieee, offset));
+ return TRUE;
+}
+
static unsigned int last_index;
static char last_type; /* Is the index for an X or a D. */
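Review bot: the success path of ieee_seek sets last_byte to first_byte + ieee_part_after (ieee, offset) without comparing that value to h.total_amt, so the bound that next_byte relies on is only as trustworthy as the part offsets taken from the file. Clamp last_byte to first_byte + total_amt here. The failure path also deserves a comment: it leaves input_p equal to last_byte, so this_byte must not be used after a FALSE return.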
@@ -730,14 +762,16 @@ ieee_slurp_external_symbols (bfd *abfd)
last_index = 0xffffff;
ieee->symbol_table_full = TRUE;
- ieee_seek (ieee, offset);
+ if (! ieee_seek (ieee, offset))
+ return FALSE;
while (loop)
{
switch (this_byte (&(ieee->h)))
{
case ieee_nn_record:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
symbol = get_symbol (abfd, ieee, symbol, &symbol_count,
& prev_symbols_ptr,
@@ -750,8 +784,10 @@ ieee_slurp_external_symbols (bfd *abfd)
symbol->symbol.udata.p = NULL;
symbol->symbol.flags = BSF_NO_FLAGS;
break;
+
case ieee_external_symbol_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
symbol = get_symbol (abfd, ieee, symbol, &symbol_count,
&prev_symbols_ptr,
@@ -842,6 +878,7 @@ ieee_slurp_external_symbols (bfd *abfd)
}
}
break;
+
case ieee_value_record_enum >> 8:
{
unsigned int symbol_name_index;
@@ -849,17 +886,20 @@ ieee_slurp_external_symbols (bfd *abfd)
bfd_boolean pcrel_ignore;
unsigned int extra;
- next_byte (&(ieee->h));
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
symbol_name_index = must_parse_int (&(ieee->h));
(void) symbol_name_index;
- parse_expression (ieee,
- &symbol->symbol.value,
- &symbol_ignore,
- &pcrel_ignore,
- &extra,
- &symbol->symbol.section);
+ if (! parse_expression (ieee,
+ &symbol->symbol.value,
+ &symbol_ignore,
+ &pcrel_ignore,
+ &extra,
+ &symbol->symbol.section))
+ return FALSE;
/* Fully linked IEEE-695 files tend to give every symbol
an absolute value. Try to convert that back into a
@@ -892,7 +932,9 @@ ieee_slurp_external_symbols (bfd *abfd)
bfd_vma size;
bfd_vma value;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
+
/* Throw away the external reference index. */
(void) must_parse_int (&(ieee->h));
/* Fetch the default size if not resolved. */
@@ -907,7 +949,8 @@ ieee_slurp_external_symbols (bfd *abfd)
break;
case ieee_external_reference_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
symbol = get_symbol (abfd, ieee, symbol, &symbol_count,
&prev_reference_ptr,
@@ -1092,7 +1135,7 @@ get_section_entry (bfd *abfd, ieee_data_type *ieee, unsigned int sindex)
return ieee->section_table[sindex];
}
-static void
+static bfd_boolean
ieee_slurp_sections (bfd *abfd)
{
ieee_data_type *ieee = IEEE_DATA (abfd);
@@ -1103,7 +1146,9 @@ ieee_slurp_sections (bfd *abfd)
{
bfd_byte section_type[3];
- ieee_seek (ieee, offset);
+ if (! ieee_seek (ieee, offset))
+ return FALSE;
+
while (TRUE)
{
switch (this_byte (&(ieee->h)))
@@ -1113,7 +1158,8 @@ ieee_slurp_sections (bfd *abfd)
asection *section;
unsigned int section_index;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section_index = must_parse_int (&(ieee->h));
section = get_section_entry (abfd, ieee, section_index);
@@ -1132,22 +1178,26 @@ ieee_slurp_sections (bfd *abfd)
{
/* AS Absolute section attributes. */
case 0xD3:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section_type[2] = this_byte (&(ieee->h));
switch (section_type[2])
{
case 0xD0:
/* Normal code. */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section->flags |= SEC_CODE;
break;
case 0xC4:
/* Normal data. */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section->flags |= SEC_DATA;
break;
case 0xD2:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
/* Normal rom data. */
section->flags |= SEC_ROM | SEC_DATA;
break;
@@ -1164,15 +1214,18 @@ ieee_slurp_sections (bfd *abfd)
switch (section_type[1])
{
case 0xD0: /* Normal code (CP). */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section->flags |= SEC_CODE;
break;
case 0xC4: /* Normal data (CD). */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section->flags |= SEC_DATA;
break;
case 0xD2: /* Normal rom data (CR). */
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section->flags |= SEC_ROM | SEC_DATA;
break;
default:
@@ -1201,7 +1254,8 @@ ieee_slurp_sections (bfd *abfd)
bfd_vma value;
asection *section;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section_index = must_parse_int (&ieee->h);
section = get_section_entry (abfd, ieee, section_index);
if (section_index > ieee->section_count)
@@ -1251,15 +1305,17 @@ ieee_slurp_sections (bfd *abfd)
(void) must_parse_int (&(ieee->h));
break;
default:
- return;
+ return TRUE;
}
}
break;
default:
- return;
+ return TRUE;
}
}
}
+
+ return TRUE;
}
/* Make a section for the debugging information, if any. We don't try
@@ -1323,7 +1379,8 @@ ieee_archive_p (bfd *abfd)
if (this_byte (&(ieee->h)) != Module_Beginning)
goto got_wrong_format_error;
- next_byte (&(ieee->h));
+ (void) next_byte (&(ieee->h));
+
library = read_id (&(ieee->h));
if (strcmp (library, "LIBRARY") != 0)
goto got_wrong_format_error;
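Review bot: the result of next_byte is discarded with a (void) cast immediately before read_id (&(ieee->h)), so a buffer that ends at Module_Beginning still goes on to be parsed. The function already has got_wrong_format_error as an exit; use if (! next_byte (&(ieee->h))) goto got_wrong_format_error; instead of the cast.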
@@ -1334,7 +1391,7 @@ ieee_archive_p (bfd *abfd)
ieee->element_count = 0;
ieee->element_index = 0;
- next_byte (&(ieee->h)); /* Drop the ad part. */
+ (void) next_byte (&(ieee->h)); /* Drop the ad part. */
must_parse_int (&(ieee->h)); /* And the two dummy numbers. */
must_parse_int (&(ieee->h));
@@ -1407,8 +1464,9 @@ ieee_archive_p (bfd *abfd)
ieee->h.first_byte = buffer;
ieee->h.input_p = buffer;
- next_byte (&(ieee->h)); /* Drop F8. */
- next_byte (&(ieee->h)); /* Drop 14. */
+ (void) next_byte (&(ieee->h)); /* Drop F8. */
+ if (! next_byte (&(ieee->h))) /* Drop 14. */
+ goto error_return;
must_parse_int (&(ieee->h)); /* Drop size of block. */
if (must_parse_int (&(ieee->h)) != 0)
@@ -1467,7 +1525,8 @@ do_one (ieee_data_type *ieee,
unsigned int number_of_maus;
unsigned int i;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
number_of_maus = must_parse_int (&(ieee->h));
for (i = 0; i < number_of_maus; i++)
@@ -1482,7 +1541,8 @@ do_one (ieee_data_type *ieee,
{
bfd_boolean loop = TRUE;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
while (loop)
{
switch (this_byte (&(ieee->h)))
@@ -1505,13 +1565,16 @@ do_one (ieee_data_type *ieee,
*(current_map->reloc_tail_ptr) = r;
current_map->reloc_tail_ptr = &r->next;
r->next = (ieee_reloc_type *) NULL;
- next_byte (&(ieee->h));
-/* abort();*/
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
+
r->relent.sym_ptr_ptr = 0;
- parse_expression (ieee,
- &r->relent.addend,
- &r->symbol,
- &pcrel, &extra, §ion);
+ if (! parse_expression (ieee,
+ &r->relent.addend,
+ &r->symbol,
+ &pcrel, &extra, §ion))
+ return FALSE;
+
r->relent.address = current_map->pc;
s->flags |= SEC_RELOC;
s->owner->flags |= HAS_RELOC;
@@ -1521,7 +1584,8 @@ do_one (ieee_data_type *ieee,
if (this_byte (&(ieee->h)) == (int) ieee_comma)
{
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
/* Fetch number of bytes to pad. */
extra = must_parse_int (&(ieee->h));
};
@@ -1529,13 +1593,16 @@ do_one (ieee_data_type *ieee,
switch (this_byte (&(ieee->h)))
{
case ieee_function_signed_close_b_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
break;
case ieee_function_unsigned_close_b_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
break;
case ieee_function_either_close_b_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
break;
default:
break;
@@ -1634,7 +1701,8 @@ do_one (ieee_data_type *ieee,
for (i = 0; i < this_size; i++)
{
location_ptr[current_map->pc++] = this_byte (&(ieee->h));
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
}
}
else
@@ -1667,7 +1735,9 @@ ieee_slurp_section_data (bfd *abfd)
if (ieee->read_data)
return TRUE;
ieee->read_data = TRUE;
- ieee_seek (ieee, ieee->w.r.data_part);
+
+ if (! ieee_seek (ieee, ieee->w.r.data_part))
+ return FALSE;
/* Allocate enough space for all the section contents. */
for (s = abfd->sections; s != (asection *) NULL; s = s->next)
@@ -1693,7 +1763,8 @@ ieee_slurp_section_data (bfd *abfd)
return TRUE;
case ieee_set_current_section_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
section_number = must_parse_int (&(ieee->h));
s = ieee->section_table[section_number];
s->flags |= SEC_LOAD | SEC_HAS_CONTENTS;
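Review bot: section_number comes straight from must_parse_int and is used as s = ieee->section_table[section_number], with s->flags written on the next line and no range or NULL check in between. The new next_byte test does not cover this; reject an out-of-range section_number or a NULL entry with return FALSE before the dereference.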
@@ -1706,7 +1777,8 @@ ieee_slurp_section_data (bfd *abfd)
break;
case ieee_e2_first_byte_enum:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
switch (this_byte (&(ieee->h)))
{
case ieee_set_current_pc_enum & 0xff:
@@ -1716,21 +1788,28 @@ ieee_slurp_section_data (bfd *abfd)
unsigned int extra;
bfd_boolean pcrel;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
must_parse_int (&(ieee->h)); /* Throw away section #. */
- parse_expression (ieee, &value,
- &symbol,
- &pcrel, &extra,
- 0);
+ if (! parse_expression (ieee, &value,
+ &symbol,
+ &pcrel, &extra,
+ 0))
+ return FALSE;
+
current_map->pc = value;
BFD_ASSERT ((unsigned) (value - s->vma) <= s->size);
}
break;
case ieee_value_starting_address_enum & 0xff:
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
if (this_byte (&(ieee->h)) == ieee_function_either_open_b_enum)
- next_byte (&(ieee->h));
+ {
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
+ }
abfd->start_address = must_parse_int (&(ieee->h));
/* We've got to the end of the data now - */
return TRUE;
@@ -1748,7 +1827,8 @@ ieee_slurp_section_data (bfd *abfd)
unsigned int iterations;
unsigned char *start;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
iterations = must_parse_int (&(ieee->h));
start = ieee->h.input_p;
if (start[0] == (int) ieee_load_constant_bytes_enum
@@ -1759,9 +1839,10 @@ ieee_slurp_section_data (bfd *abfd)
location_ptr[current_map->pc++] = start[2];
iterations--;
}
- next_byte (&(ieee->h));
- next_byte (&(ieee->h));
- next_byte (&(ieee->h));
+ (void) next_byte (&(ieee->h));
+ (void) next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ return FALSE;
}
else
{
@@ -1806,6 +1887,7 @@ ieee_object_p (bfd *abfd)
goto got_wrong_format;
ieee->h.input_p = buffer;
+ ieee->h.total_amt = sizeof (buffer);
if (this_byte_and_next (&(ieee->h)) != Module_Beginning)
goto got_wrong_format;
@@ -1901,7 +1983,8 @@ ieee_object_p (bfd *abfd)
if (this_byte (&(ieee->h)) != (int) ieee_address_descriptor_enum)
goto fail;
- next_byte (&(ieee->h));
+ if (! next_byte (&(ieee->h)))
+ goto fail;
if (! parse_int (&(ieee->h), &ieee->ad.number_of_bits_mau))
goto fail;
@@ -1912,7 +1995,10 @@ ieee_object_p (bfd *abfd)
/* If there is a byte order info, take it. */
if (this_byte (&(ieee->h)) == (int) ieee_variable_L_enum
|| this_byte (&(ieee->h)) == (int) ieee_variable_M_enum)
- next_byte (&(ieee->h));
+ {
+ if (! next_byte (&(ieee->h)))
+ goto fail;
+ }
for (part = 0; part < N_W_VARIABLES; part++)
{
@@ -1943,12 +2029,17 @@ ieee_object_p (bfd *abfd)
goto fail;
if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
goto fail;
+
/* FIXME: Check return value. I'm not sure whether it needs to read
the entire buffer or not. */
- bfd_bread ((void *) (IEEE_DATA (abfd)->h.first_byte),
- (bfd_size_type) ieee->w.r.me_record + 1, abfd);
+ amt = bfd_bread ((void *) (IEEE_DATA (abfd)->h.first_byte),
+ (bfd_size_type) ieee->w.r.me_record + 1, abfd);
+ if (amt <= 0)
+ goto fail;
- ieee_slurp_sections (abfd);
+ IEEE_DATA (abfd)->h.total_amt = amt;
+ if (ieee_slurp_sections (abfd))
+ goto fail;
if (! ieee_slurp_debug (abfd))
goto fail;
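Review bot: the new test "if (ieee_slurp_sections (abfd)) goto fail;" has the opposite polarity to the neighbouring "if (! ieee_slurp_debug (abfd)) goto fail;", so either ieee_slurp_sections returns TRUE on error, which deserves a comment at the call, or this fails on success. Also, bfd_bread returns an unsigned bfd_size_type, so if amt has that type "amt <= 0" only catches zero and an error return of (bfd_size_type) -1 ends up in total_amt. The FIXME about checking the return value is now stale and can go.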
@@ -3737,6 +3828,8 @@ ieee_sizeof_headers (bfd *abfd ATTRIBUTE_UNUSED,
#define ieee_update_armap_timestamp bfd_true
#define ieee_get_elt_at_index _bfd_generic_get_elt_at_index
+#define ieee_get_symbol_version_string \
+ _bfd_nosymbols_get_symbol_version_string
#define ieee_bfd_is_target_special_symbol \
((bfd_boolean (*) (bfd *, asymbol *)) bfd_false)
#define ieee_bfd_is_local_label_name bfd_generic_is_local_label_name
diff --git a/bfd/libbfd-in.h b/bfd/libbfd-in.h
index 50a46ac..ad27f2e 100644
--- a/bfd/libbfd-in.h
+++ b/bfd/libbfd-in.h
@@ -837,3 +837,5 @@ extern void bfd_section_already_linked_table_traverse
extern bfd_vma read_unsigned_leb128 (bfd *, bfd_byte *, unsigned int *);
extern bfd_signed_vma read_signed_leb128 (bfd *, bfd_byte *, unsigned int *);
+extern bfd_vma safe_read_leb128 (bfd *, bfd_byte *, unsigned int *,
+ bfd_boolean, const bfd_byte * const);
diff --git a/bfd/libbfd.c b/bfd/libbfd.c
index 6352c9c..c079247 100644
--- a/bfd/libbfd.c
+++ b/bfd/libbfd.c
@@ -171,15 +171,18 @@ void *
bfd_malloc (bfd_size_type size)
{
void *ptr;
+ size_t sz = (size_t) size;
- if (size != (size_t) size)
+ if (size != sz
+ /* This is to pacify memory checkers like valgrind. */
+ || ((signed long) sz) < 0)
{
bfd_set_error (bfd_error_no_memory);
return NULL;
}
- ptr = malloc ((size_t) size);
- if (ptr == NULL && (size_t) size != 0)
+ ptr = malloc (sz);
+ if (ptr == NULL && sz != 0)
bfd_set_error (bfd_error_no_memory);
return ptr;
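Review bot: the cast in "((signed long) sz) < 0" truncates on hosts where long is narrower than size_t, so the test inspects bit 31 rather than the top bit of the request: a 2 GiB allocation is refused while a larger one with bit 31 clear is let through. Compare sz against half the size_t range instead. The comment should also say what the limit protects against, since "pacify memory checkers" does not tell the next reader why a size with the top bit set is invalid. The same test is repeated in bfd_realloc.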
@@ -190,8 +193,6 @@ bfd_malloc (bfd_size_type size)
void *
bfd_malloc2 (bfd_size_type nmemb, bfd_size_type size)
{
- void *ptr;
-
if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
&& size != 0
&& nmemb > ~(bfd_size_type) 0 / size)
@@ -200,19 +201,7 @@ bfd_malloc2 (bfd_size_type nmemb, bfd_size_type size)
return NULL;
}
- size *= nmemb;
-
- if (size != (size_t) size)
- {
- bfd_set_error (bfd_error_no_memory);
- return NULL;
- }
-
- ptr = malloc ((size_t) size);
- if (ptr == NULL && (size_t) size != 0)
- bfd_set_error (bfd_error_no_memory);
-
- return ptr;
+ return bfd_malloc (size * nmemb);
}
/* Reallocate memory using realloc. */
@@ -221,19 +210,22 @@ void *
bfd_realloc (void *ptr, bfd_size_type size)
{
void *ret;
+ size_t sz = (size_t) size;
+
+ if (ptr == NULL)
+ return bfd_malloc (size);
- if (size != (size_t) size)
+ if (size != sz
+ /* This is to pacify memory checkers like valgrind. */
+ || ((signed long) sz) < 0)
{
bfd_set_error (bfd_error_no_memory);
return NULL;
}
- if (ptr == NULL)
- ret = malloc ((size_t) size);
- else
- ret = realloc (ptr, (size_t) size);
+ ret = realloc (ptr, sz);
- if (ret == NULL && (size_t) size != 0)
+ if (ret == NULL && sz != 0)
bfd_set_error (bfd_error_no_memory);
return ret;
@@ -244,8 +236,6 @@ bfd_realloc (void *ptr, bfd_size_type size)
void *
bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size)
{
- void *ret;
-
if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
&& size != 0
&& nmemb > ~(bfd_size_type) 0 / size)
@@ -254,23 +244,7 @@ bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size)
return NULL;
}
- size *= nmemb;
-
- if (size != (size_t) size)
- {
- bfd_set_error (bfd_error_no_memory);
- return NULL;
- }
-
- if (ptr == NULL)
- ret = malloc ((size_t) size);
- else
- ret = realloc (ptr, (size_t) size);
-
- if (ret == NULL && (size_t) size != 0)
- bfd_set_error (bfd_error_no_memory);
-
- return ret;
+ return bfd_realloc (ptr, size * nmemb);
}
/* Reallocate memory using realloc.
@@ -279,24 +253,10 @@ bfd_realloc2 (void *ptr, bfd_size_type nmemb, bfd_size_type size)
void *
bfd_realloc_or_free (void *ptr, bfd_size_type size)
{
- size_t amount = (size_t) size;
- void *ret;
+ void *ret = bfd_realloc (ptr, size);
- if (size != amount)
- ret = NULL;
- else if (ptr == NULL)
- ret = malloc (amount);
- else
- ret = realloc (ptr, amount);
-
- if (ret == NULL)
- {
- if (amount > 0)
- bfd_set_error (bfd_error_no_memory);
-
- if (ptr != NULL)
- free (ptr);
- }
+ if (ret == NULL && ptr != NULL)
+ free (ptr);
return ret;
}
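Review bot: bfd_realloc_or_free frees ptr whenever bfd_realloc returns NULL, but with size == 0 a realloc implementation may already have freed ptr and returned NULL, which makes the free (ptr) here a double free. The old code had the same path, so this is a good moment to handle size == 0 explicitly, for example by freeing ptr and returning NULL before calling bfd_realloc.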
@@ -306,23 +266,10 @@ bfd_realloc_or_free (void *ptr, bfd_size_type size)
void *
bfd_zmalloc (bfd_size_type size)
{
- void *ptr;
+ void *ptr = bfd_malloc (size);
- if (size != (size_t) size)
- {
- bfd_set_error (bfd_error_no_memory);
- return NULL;
- }
-
- ptr = malloc ((size_t) size);
-
- if ((size_t) size != 0)
- {
- if (ptr == NULL)
- bfd_set_error (bfd_error_no_memory);
- else
- memset (ptr, 0, (size_t) size);
- }
+ if (ptr != NULL && size > 0)
+ memset (ptr, 0, (size_t) size);
return ptr;
}
@@ -333,32 +280,14 @@ bfd_zmalloc (bfd_size_type size)
void *
bfd_zmalloc2 (bfd_size_type nmemb, bfd_size_type size)
{
- void *ptr;
+ void *ptr = bfd_malloc2 (nmemb, size);
- if ((nmemb | size) >= HALF_BFD_SIZE_TYPE
- && size != 0
- && nmemb > ~(bfd_size_type) 0 / size)
+ if (ptr != NULL)
{
- bfd_set_error (bfd_error_no_memory);
- return NULL;
- }
-
- size *= nmemb;
-
- if (size != (size_t) size)
- {
- bfd_set_error (bfd_error_no_memory);
- return NULL;
- }
+ size_t sz = nmemb * size;
- ptr = malloc ((size_t) size);
-
- if ((size_t) size != 0)
- {
- if (ptr == NULL)
- bfd_set_error (bfd_error_no_memory);
- else
- memset (ptr, 0, (size_t) size);
+ if (sz > 0)
+ memset (ptr, 0, sz);
}
return ptr;
@@ -1074,6 +1003,45 @@ read_unsigned_leb128 (bfd *abfd ATTRIBUTE_UNUSED,
return result;
}
+/* Read in a LEB128 encoded value from ABFD starting at DATA.
+ If SIGN is true, return a signed LEB128 value.
+ If LENGTH_RETURN is not NULL, return in it the number of bytes read.
+ No bytes will be read at address END or beyond. */
+
+bfd_vma
+safe_read_leb128 (bfd *abfd ATTRIBUTE_UNUSED,
+ bfd_byte *data,
+ unsigned int *length_return,
+ bfd_boolean sign,
+ const bfd_byte * const end)
+{
+ bfd_vma result = 0;
+ unsigned int num_read = 0;
+ unsigned int shift = 0;
+ unsigned char byte = 0;
+
+ while (data < end)
+ {
+ byte = bfd_get_8 (abfd, data);
+ data++;
+ num_read++;
+
+ result |= ((bfd_vma) (byte & 0x7f)) << shift;
+
+ shift += 7;
+ if ((byte & 0x80) == 0)
+ break;
+ }
+
+ if (length_return != NULL)
+ *length_return = num_read;
+
+ if (sign && (shift < 8 * sizeof (result)) && (byte & 0x40))
+ result |= (bfd_vma) -1 << shift;
+
+ return result;
+}
+
/* Helper function for reading sleb128 encoded data. */
bfd_signed_vma
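Review bot: safe_read_leb128 bounds the read by END but not the shift. The line "result |= ((bfd_vma) (byte & 0x7f)) << shift;" runs for every continuation byte, so a long run of bytes with the top bit set pushes shift past the width of bfd_vma and the shift becomes undefined. The sign-extension step already tests "shift < 8 * sizeof (result)"; the accumulation needs the same guard. The function also gives the caller no way to tell that the loop stopped at END with the continuation bit still set, other than comparing *length_return with the space that was available, and that is worth stating in the header comment.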
diff --git a/bfd/libbfd.h b/bfd/libbfd.h
index 6c48f82..1c54d0f 100644
--- a/bfd/libbfd.h
+++ b/bfd/libbfd.h
@@ -842,6 +842,8 @@ extern void bfd_section_already_linked_table_traverse
extern bfd_vma read_unsigned_leb128 (bfd *, bfd_byte *, unsigned int *);
extern bfd_signed_vma read_signed_leb128 (bfd *, bfd_byte *, unsigned int *);
+extern bfd_vma safe_read_leb128 (bfd *, bfd_byte *, unsigned int *,
+ bfd_boolean, const bfd_byte * const);
/* Extracted from init.c. */
/* Extracted from libbfd.c. */
bfd_boolean bfd_write_bigendian_4byte_int (bfd *, unsigned int);
diff --git a/bfd/libieee.h b/bfd/libieee.h
index 7026b85..27fd467 100644
--- a/bfd/libieee.h
+++ b/bfd/libieee.h
@@ -66,6 +66,7 @@ typedef struct {
unsigned char *input_p;
unsigned char *first_byte;
unsigned char *last_byte;
+ bfd_size_type total_amt;
bfd *abfd;
} common_header_type ;
diff --git a/bfd/linker.c b/bfd/linker.c
index 9223810..f7f32a3 100644
--- a/bfd/linker.c
+++ b/bfd/linker.c
@@ -2434,7 +2434,7 @@ _bfd_generic_reloc_link_order (bfd *abfd,
size = bfd_get_reloc_size (r->howto);
buf = (bfd_byte *) bfd_zmalloc (size);
- if (buf == NULL)
+ if (buf == NULL && size != 0)
return FALSE;
rstat = _bfd_relocate_contents (r->howto, abfd,
(bfd_vma) link_order->u.reloc.p->addend,
diff --git a/bfd/mach-o.c b/bfd/mach-o.c
index 3952689..5364c50 100644
--- a/bfd/mach-o.c
+++ b/bfd/mach-o.c
@@ -690,6 +690,20 @@ bfd_mach_o_bfd_copy_private_header_data (bfd *ibfd, bfd *obfd)
ody->export_size = idy->export_size;
ody->export_content = idy->export_content;
}
+ /* PR 17512: file: 730e492d. */
+ else
+ {
+ ody->rebase_size =
+ ody->bind_size =
+ ody->weak_bind_size =
+ ody->lazy_bind_size =
+ ody->export_size = 0;
+ ody->rebase_content =
+ ody->bind_content =
+ ody->weak_bind_content =
+ ody->lazy_bind_content =
+ ody->export_content = NULL;
+ }
}
break;
@@ -790,18 +804,19 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
bfd_mach_o_dysymtab_command *dysymtab = mdata->dysymtab;
bfd_mach_o_symtab_command *symtab = mdata->symtab;
asymbol *s;
+ char * s_start;
+ char * s_end;
unsigned long count, i, j, n;
size_t size;
char *names;
char *nul_name;
+ const char stub [] = "$stub";
*ret = NULL;
/* Stop now if no symbols or no indirect symbols. */
- if (dysymtab == NULL || symtab == NULL || symtab->symbols == NULL)
- return 0;
-
- if (dysymtab->nindirectsyms == 0)
+ if (dysymtab == NULL || dysymtab->nindirectsyms == 0
+ || symtab == NULL || symtab->symbols == NULL)
return 0;
/* We need to allocate a bfd symbol for every indirect symbol and to
@@ -811,19 +826,23 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
for (j = 0; j < count; j++)
{
+ const char * strng;
unsigned int isym = dysymtab->indirect_syms[j];
/* Some indirect symbols are anonymous. */
- if (isym < symtab->nsyms && symtab->symbols[isym].symbol.name)
- size += strlen (symtab->symbols[isym].symbol.name) + sizeof ("$stub");
+ if (isym < symtab->nsyms && (strng = symtab->symbols[isym].symbol.name))
+ /* PR 17512: file: f5b8eeba. */
+ size += strnlen (strng, symtab->strsize - (strng - symtab->strtab)) + sizeof (stub);
}
- s = *ret = (asymbol *) bfd_malloc (size);
+ s_start = bfd_malloc (size);
+ s = *ret = (asymbol *) s_start;
if (s == NULL)
return -1;
names = (char *) (s + count);
nul_name = names;
*names++ = 0;
+ s_end = s_start + size;
n = 0;
for (i = 0; i < mdata->nsects; i++)
@@ -843,10 +862,19 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
last = first + bfd_mach_o_section_get_nbr_indirect (abfd, sec);
addr = sec->addr;
entry_size = bfd_mach_o_section_get_entry_size (abfd, sec);
+
+ /* PR 17512: file: 08e15eec. */
+ if (first >= count || last >= count || first > last)
+ goto fail;
+
for (j = first; j < last; j++)
{
unsigned int isym = dysymtab->indirect_syms[j];
+ /* PR 17512: file: 04d64d9b. */
+ if (((char *) s) + sizeof (* s) > s_end)
+ goto fail;
+
s->flags = BSF_GLOBAL | BSF_SYNTHETIC;
s->section = sec->bfdsection;
s->value = addr - sec->addr;
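Review bot: "last >= count" rejects a valid case. last is first plus the number of indirect entries and the loop runs "j < last", so last is an exclusive bound and last == count describes a section whose entries run to the end of the indirect table. The test should be "last > count || first > last"; with that, "first >= count" is only needed if an empty range at the end of the table should be refused as well.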
@@ -860,10 +888,16 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
s->name = names;
len = strlen (sym);
+ /* PR 17512: file: 47dfd4d2. */
+ if (names + len >= s_end)
+ goto fail;
memcpy (names, sym, len);
names += len;
- memcpy (names, "$stub", sizeof ("$stub"));
- names += sizeof ("$stub");
+ /* PR 17512: file: 18f340a4. */
+ if (names + sizeof (stub) >= s_end)
+ goto fail;
+ memcpy (names, stub, sizeof (stub));
+ names += sizeof (stub);
}
else
s->name = nul_name;
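Review bot: both new name checks use ">=" where the asymbol check earlier in the function uses ">". If size is exactly what the sizing loop adds up, the last "$stub" copy ends at s_end, and "names + sizeof (stub) >= s_end" turns that exact fit into a failure. Comparing lengths, for example "len >= (size_t) (s_end - names)", also avoids forming a pointer past the buffer. Note too that the sizing loop measures names with strnlen while this copy still uses strlen, so the two can disagree on an unterminated name; the check catches that, but using the same bounded length in both places would be clearer.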
@@ -879,6 +913,11 @@ bfd_mach_o_get_synthetic_symtab (bfd *abfd,
}
return n;
+
+ fail:
+ free (s_start);
+ * ret = NULL;
+ return -1;
}
void
@@ -1349,8 +1388,14 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
if (reloc.r_extern)
{
- /* An external symbol number. */
- sym = syms + num;
+ /* PR 17512: file: 8396-1185-0.004. */
+ if (num >= (unsigned) bfd_mach_o_count_symbols (abfd))
+ sym = bfd_und_section_ptr->symbol_ptr_ptr;
+ else if (syms == NULL)
+ sym = bfd_und_section_ptr->symbol_ptr_ptr;
+ else
+ /* An external symbol number. */
+ sym = syms + num;
}
else if (num == 0x00ffffff || num == 0)
{
@@ -1363,9 +1408,11 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
}
else
{
+ /* PR 17512: file: 006-2964-0.004. */
+ if (num > mdata->nsects)
+ return -1;
+
/* A section number. */
- BFD_ASSERT (num <= mdata->nsects);
-
sym = mdata->sections[num - 1]->bfdsection->symbol_ptr_ptr;
/* For a symbol defined in section S, the addend (stored in the
binary) contains the address of the section. To comply with
@@ -1394,6 +1441,7 @@ bfd_mach_o_canonicalize_one_reloc (bfd *abfd,
if (!(*bed->_bfd_mach_o_swap_reloc_in)(res, &reloc))
return -1;
+
return 0;
}
@@ -1408,6 +1456,11 @@ bfd_mach_o_canonicalize_relocs (bfd *abfd, unsigned long filepos,
/* Allocate and read relocs. */
native_size = count * BFD_MACH_O_RELENT_SIZE;
+
+ /* PR 17512: file: 09477b57. */
+ if (native_size < count)
+ return -1;
+
native_relocs =
(struct mach_o_reloc_info_external *) bfd_malloc (native_size);
if (native_relocs == NULL)
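Review bot: "if (native_size < count)" does not detect every overflow of count * BFD_MACH_O_RELENT_SIZE, because a product that has wrapped can still be greater than or equal to count. Use a division-based test like the one in bfd_malloc2, or call bfd_malloc2 (count, BFD_MACH_O_RELENT_SIZE) so the check and the allocation cannot drift apart. The same pattern appears in bfd_mach_o_canonicalize_reloc with asect->reloc_count * sizeof (arelent).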
@@ -1447,6 +1500,8 @@ bfd_mach_o_canonicalize_reloc (bfd *abfd, asection *asect,
if (asect->relocation == NULL)
{
+ if (asect->reloc_count * sizeof (arelent) < asect->reloc_count)
+ return -1;
res = bfd_malloc (asect->reloc_count * sizeof (arelent));
if (res == NULL)
return -1;
@@ -1500,6 +1555,10 @@ bfd_mach_o_canonicalize_dynamic_reloc (bfd *abfd, arelent **rels,
if (mdata->dyn_reloc_cache == NULL)
{
+ if ((dysymtab->nextrel + dysymtab->nlocrel) * sizeof (arelent)
+ < (dysymtab->nextrel + dysymtab->nlocrel))
+ return -1;
+
res = bfd_malloc ((dysymtab->nextrel + dysymtab->nlocrel)
* sizeof (arelent));
if (res == NULL)
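Review bot: in bfd_mach_o_canonicalize_dynamic_reloc the sum dysymtab->nextrel + dysymtab->nlocrel can itself wrap before it is multiplied, and the "product < sum" comparison then sees a small, consistent pair of values. Check the addition first, then pass the sum and sizeof (arelent) to bfd_malloc2 rather than comparing the product with one of its factors.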
@@ -1814,11 +1873,10 @@ bfd_mach_o_write_symtab_content (bfd *abfd, bfd_mach_o_symtab_command *sym)
mdata->filelen += sym->strsize;
if (bfd_seek (abfd, sym->stroff, SEEK_SET) != 0)
- return FALSE;
+ goto err;
if (_bfd_stringtab_emit (abfd, strtab) != TRUE)
goto err;
- _bfd_stringtab_free (strtab);
/* Pad string table. */
padlen = bfd_mach_o_pad4 (abfd, sym->strsize);
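Review bot: the success path of bfd_mach_o_write_symtab_content no longer calls _bfd_stringtab_free (strtab) after _bfd_stringtab_emit, and the only remaining call shown is under the err label. Unless the table is released later on the path that returns TRUE, this leaks it on every successful write. Routing the failed bfd_seek through err is a good change.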
@@ -1831,6 +1889,7 @@ bfd_mach_o_write_symtab_content (bfd *abfd, bfd_mach_o_symtab_command *sym)
err:
_bfd_stringtab_free (strtab);
+ sym->strsize = 0;
return FALSE;
}
@@ -1948,6 +2007,8 @@ bfd_mach_o_build_dysymtab (bfd *abfd, bfd_mach_o_dysymtab_command *cmd)
cmd->indirectsymoff = mdata->filelen;
mdata->filelen += cmd->nindirectsyms * 4;
+ if (cmd->nindirectsyms * 4 < cmd->nindirectsyms)
+ return FALSE;
cmd->indirect_syms = bfd_zalloc (abfd, cmd->nindirectsyms * 4);
if (cmd->indirect_syms == NULL)
return FALSE;
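Review bot: the overflow test in bfd_mach_o_build_dysymtab comes after "mdata->filelen += cmd->nindirectsyms * 4;", so on the failure path filelen has already been advanced by the wrapped value. Move the test above the update. As with the other "product < factor" checks in this file, a wrapped product is not guaranteed to be smaller than nindirectsyms, so test against the maximum divided by 4.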
@@ -2334,17 +2395,20 @@ bfd_mach_o_mangle_sections (bfd *abfd, bfd_mach_o_data_struct *mdata)
&& (mdata->nsects == 0 || mdata->sections != NULL))
return TRUE;
+ /* We need to check that this can be done... */
+ if (nsect > 255)
+ {
+ (*_bfd_error_handler) (_("mach-o: there are too many sections (%u)"
+ " maximum is 255,\n"), nsect);
+ return FALSE;
+ }
+
mdata->nsects = nsect;
- mdata->sections = bfd_alloc (abfd,
- mdata->nsects * sizeof (bfd_mach_o_section *));
+ mdata->sections = bfd_alloc2 (abfd,
+ mdata->nsects, sizeof (bfd_mach_o_section *));
if (mdata->sections == NULL)
return FALSE;
- /* We need to check that this can be done... */
- if (nsect > 255)
- (*_bfd_error_handler) (_("mach-o: there are too many sections (%d)"
- " maximum is 255,\n"), nsect);
-
/* Create Mach-O sections.
Section type, attribute and align should have been set when the
section was created - either read in or specified. */
@@ -2726,7 +2790,14 @@ bfd_mach_o_build_exec_seg_command (bfd *abfd, bfd_mach_o_segment_command *seg)
bfd_mach_o_append_section_to_segment (seg, s);
- BFD_ASSERT (s->addr >= vma);
+ if (s->addr < vma)
+ {
+ (*_bfd_error_handler)
+ (_("section address (%lx) below start of segment (%lx)"),
+ (unsigned long) s->addr, (unsigned long) vma);
+ return FALSE;
+ }
+
vma = s->addr + s->size;
}
@@ -2801,7 +2872,7 @@ bfd_mach_o_build_exec_seg_command (bfd *abfd, bfd_mach_o_segment_command *seg)
/* Layout the commands: set commands size and offset, set ncmds and sizeofcmds
fields in header. */
-static void
+static bfd_boolean
bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata)
{
unsigned wide = mach_o_wide_p (&mdata->header);
@@ -2809,6 +2880,7 @@ bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata)
ufile_ptr offset;
bfd_mach_o_load_command *cmd;
unsigned int align;
+ bfd_boolean ret = TRUE;
hdrlen = wide ? BFD_MACH_O_HEADER_64_SIZE : BFD_MACH_O_HEADER_SIZE;
align = wide ? 8 - 1 : 4 - 1;
@@ -2864,6 +2936,7 @@ bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata)
(*_bfd_error_handler)
(_("unable to layout unknown load command 0x%lx"),
(unsigned long) cmd->type);
+ ret = FALSE;
break;
}
@@ -2872,6 +2945,8 @@ bfd_mach_o_layout_commands (bfd_mach_o_data_struct *mdata)
}
mdata->header.sizeofcmds = offset - hdrlen;
mdata->filelen = offset;
+
+ return ret;
}
/* Subroutine of bfd_mach_o_build_commands: set type, name and nsects of a
@@ -3006,8 +3081,7 @@ bfd_mach_o_build_commands (bfd *abfd)
if (nbr_commands == 0)
{
/* Layout commands (well none...) and set headers command fields. */
- bfd_mach_o_layout_commands (mdata);
- return TRUE;
+ return bfd_mach_o_layout_commands (mdata);
}
/* Create commands for segments (and symtabs), prepend them. */
@@ -3090,7 +3164,8 @@ bfd_mach_o_build_commands (bfd *abfd)
}
/* Layout commands. */
- bfd_mach_o_layout_commands (mdata);
+ if (! bfd_mach_o_layout_commands (mdata))
+ return FALSE;
/* So, now we have sized the commands and the filelen set to that.
Now we can build the segment command and set the section file offsets. */
@@ -3394,6 +3469,13 @@ bfd_mach_o_read_section_32 (bfd *abfd,
section->size = bfd_h_get_32 (abfd, raw.size);
section->offset = bfd_h_get_32 (abfd, raw.offset);
section->align = bfd_h_get_32 (abfd, raw.align);
+ /* PR 17512: file: 0017eb76. */
+ if (section->align > 64)
+ {
+ (*_bfd_error_handler) (_("bfd_mach_o_read_section_32: overlarge alignment value: 0x%x, using 32 instead"),
+ section->align);
+ section->align = 32;
+ }
section->reloff = bfd_h_get_32 (abfd, raw.reloff);
section->nreloc = bfd_h_get_32 (abfd, raw.nreloc);
section->flags = bfd_h_get_32 (abfd, raw.flags);
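Review bot: the threshold and the fallback disagree. Alignments from 33 to 64 are accepted unchanged, while anything above 64 is replaced by 32. If 32 is the largest sensible value, test "section->align > 32"; if 64 is, clamp to 64. The message hard-codes the function name and is duplicated in bfd_mach_o_read_section_64, so a small shared helper would keep the two readers in step.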
@@ -3433,6 +3515,12 @@ bfd_mach_o_read_section_64 (bfd *abfd,
section->size = bfd_h_get_64 (abfd, raw.size);
section->offset = bfd_h_get_32 (abfd, raw.offset);
section->align = bfd_h_get_32 (abfd, raw.align);
+ if (section->align > 64)
+ {
+ (*_bfd_error_handler) (_("bfd_mach_o_read_section_64: overlarge alignment value: 0x%x, using 32 instead"),
+ section->align);
+ section->align = 32;
+ }
section->reloff = bfd_h_get_32 (abfd, raw.reloff);
section->nreloc = bfd_h_get_32 (abfd, raw.nreloc);
section->flags = bfd_h_get_32 (abfd, raw.flags);
@@ -3637,16 +3725,21 @@ bfd_mach_o_read_symtab_strtab (bfd *abfd)
}
else
{
- sym->strtab = bfd_alloc (abfd, sym->strsize);
+ sym->strtab = bfd_alloc (abfd, sym->strsize + 1);
if (sym->strtab == NULL)
return FALSE;
if (bfd_seek (abfd, sym->stroff, SEEK_SET) != 0
|| bfd_bread (sym->strtab, sym->strsize, abfd) != sym->strsize)
{
+ /* PR 17512: file: 10888-1609-0.004. */
+ bfd_release (abfd, sym->strtab);
+ sym->strtab = NULL;
bfd_set_error (bfd_error_file_truncated);
return FALSE;
}
+ /* Zero terminate the string table. */
+ sym->strtab[sym->strsize] = 0;
}
return TRUE;
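Review bot: sym->strsize comes from the file and "sym->strsize + 1" is not checked for wrap-around. If strsize is the maximum value of its type the allocation is for zero bytes, the bfd_bread asks for strsize bytes into it, and "sym->strtab[sym->strsize] = 0" writes far outside it. Reject a strsize that cannot be incremented, or that exceeds the file size, before allocating.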
@@ -3660,29 +3753,31 @@ bfd_mach_o_read_symtab_symbols (bfd *abfd)
unsigned long i;
if (sym == NULL || sym->symbols)
- {
- /* Return now if there are no symbols or if already loaded. */
- return TRUE;
- }
-
- sym->symbols = bfd_alloc (abfd, sym->nsyms * sizeof (bfd_mach_o_asymbol));
+ /* Return now if there are no symbols or if already loaded. */
+ return TRUE;
+ sym->symbols = bfd_alloc2 (abfd, sym->nsyms, sizeof (bfd_mach_o_asymbol));
if (sym->symbols == NULL)
{
(*_bfd_error_handler) (_("bfd_mach_o_read_symtab_symbols: unable to allocate memory for symbols"));
+ sym->nsyms = 0;
return FALSE;
}
if (!bfd_mach_o_read_symtab_strtab (abfd))
- return FALSE;
+ goto fail;
for (i = 0; i < sym->nsyms; i++)
- {
- if (!bfd_mach_o_read_symtab_symbol (abfd, sym, &sym->symbols[i], i))
- return FALSE;
- }
+ if (!bfd_mach_o_read_symtab_symbol (abfd, sym, &sym->symbols[i], i))
+ goto fail;
return TRUE;
+
+ fail:
+ bfd_release (abfd, sym->symbols);
+ sym->symbols = NULL;
+ sym->nsyms = 0;
+ return FALSE;
}
static const char *
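Review bot: the fail path calls bfd_release (abfd, sym->symbols), and bfd_release also frees every block allocated on the BFD after the one it is given. When bfd_mach_o_read_symtab_strtab has just allocated sym->strtab with bfd_alloc, that table is released here too, but sym->strtab keeps pointing at it. Set sym->strtab to NULL in the fail path, or load the string table before allocating the symbol array.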
@@ -3915,8 +4010,8 @@ bfd_mach_o_read_thread (bfd *abfd, bfd_mach_o_load_command *command)
}
/* Allocate threads. */
- cmd->flavours = bfd_alloc
- (abfd, nflavours * sizeof (bfd_mach_o_thread_flavour));
+ cmd->flavours = bfd_alloc2
+ (abfd, nflavours, sizeof (bfd_mach_o_thread_flavour));
if (cmd->flavours == NULL)
return FALSE;
cmd->nflavours = nflavours;
@@ -4039,7 +4134,7 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command)
unsigned int module_len = wide ? 56 : 52;
cmd->dylib_module =
- bfd_alloc (abfd, cmd->nmodtab * sizeof (bfd_mach_o_dylib_module));
+ bfd_alloc2 (abfd, cmd->nmodtab, sizeof (bfd_mach_o_dylib_module));
if (cmd->dylib_module == NULL)
return FALSE;
@@ -4085,10 +4180,10 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command)
if (cmd->ntoc != 0)
{
- unsigned int i;
+ unsigned long i;
- cmd->dylib_toc = bfd_alloc
- (abfd, cmd->ntoc * sizeof (bfd_mach_o_dylib_table_of_content));
+ cmd->dylib_toc = bfd_alloc2
+ (abfd, cmd->ntoc, sizeof (bfd_mach_o_dylib_table_of_content));
if (cmd->dylib_toc == NULL)
return FALSE;
@@ -4112,8 +4207,8 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command)
{
unsigned int i;
- cmd->indirect_syms = bfd_alloc
- (abfd, cmd->nindirectsyms * sizeof (unsigned int));
+ cmd->indirect_syms = bfd_alloc2
+ (abfd, cmd->nindirectsyms, sizeof (unsigned int));
if (cmd->indirect_syms == NULL)
return FALSE;
@@ -4137,8 +4232,8 @@ bfd_mach_o_read_dysymtab (bfd *abfd, bfd_mach_o_load_command *command)
unsigned long v;
unsigned int i;
- cmd->ext_refs = bfd_alloc
- (abfd, cmd->nextrefsyms * sizeof (bfd_mach_o_dylib_reference));
+ cmd->ext_refs = bfd_alloc2
+ (abfd, cmd->nextrefsyms, sizeof (bfd_mach_o_dylib_reference));
if (cmd->ext_refs == NULL)
return FALSE;
@@ -4638,9 +4733,10 @@ bfd_mach_o_read_command (bfd *abfd, bfd_mach_o_load_command *command)
return FALSE;
break;
default:
+ command->len = 0;
(*_bfd_error_handler)(_("%B: unknown load command 0x%lx"),
- abfd, (unsigned long) command->type);
- break;
+ abfd, (unsigned long) command->type);
+ return FALSE;
}
return TRUE;
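Review bot: the default case of bfd_mach_o_read_command now returns FALSE, which turns every load command this BFD does not recognise into a fatal read error where it used to be reported and skipped. A well-formed file that uses a newer command type will now be rejected outright. If the intent is only to stop the length of an unknown command being trusted, setting command->len = 0 and continuing may be enough; otherwise the commit message should state the behaviour change.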
@@ -4668,8 +4764,8 @@ bfd_mach_o_flatten_sections (bfd *abfd)
}
/* Allocate sections array. */
- mdata->sections = bfd_alloc (abfd,
- mdata->nsects * sizeof (bfd_mach_o_section *));
+ mdata->sections = bfd_alloc2 (abfd,
+ mdata->nsects, sizeof (bfd_mach_o_section *));
/* Fill the array. */
csect = 0;
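Review bot: bfd_mach_o_flatten_sections switches to bfd_alloc2, which returns NULL when the count overflows, but the lines shown go straight on to "Fill the array" without testing mdata->sections. Add the NULL check here as the other converted call sites have.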
@@ -4841,7 +4937,8 @@ bfd_mach_o_scan (bfd *abfd,
mdata->first_command = NULL;
mdata->last_command = NULL;
- cmd = bfd_alloc (abfd, header->ncmds * sizeof (bfd_mach_o_load_command));
+
+ cmd = bfd_alloc2 (abfd, header->ncmds, sizeof (bfd_mach_o_load_command));
if (cmd == NULL)
return FALSE;
@@ -5077,7 +5174,7 @@ bfd_mach_o_archive_p (bfd *abfd)
goto error;
adata->archentries =
- bfd_alloc (abfd, adata->nfat_arch * sizeof (mach_o_fat_archentry));
+ bfd_alloc2 (abfd, adata->nfat_arch, sizeof (mach_o_fat_archentry));
if (adata->archentries == NULL)
goto error;
@@ -5094,6 +5191,7 @@ bfd_mach_o_archive_p (bfd *abfd)
}
abfd->tdata.mach_o_fat_data = adata;
+
return abfd->xvec;
error:
diff --git a/bfd/nlm32-sparc.c b/bfd/nlm32-sparc.c
index 4a68fa2..815c0fa 100644
--- a/bfd/nlm32-sparc.c
+++ b/bfd/nlm32-sparc.c
@@ -49,7 +49,7 @@ enum reloc_type
static reloc_howto_type nlm32_sparc_howto_table[] =
{
- HOWTO (R_SPARC_NONE, 0,0, 0,FALSE,0,complain_overflow_dont, 0,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE),
+ HOWTO (R_SPARC_NONE, 0,3, 0,FALSE,0,complain_overflow_dont, 0,"R_SPARC_NONE", FALSE,0,0x00000000,TRUE),
HOWTO (R_SPARC_8, 0,0, 8,FALSE,0,complain_overflow_bitfield,0,"R_SPARC_8", FALSE,0,0x000000ff,TRUE),
HOWTO (R_SPARC_16, 0,1,16,FALSE,0,complain_overflow_bitfield,0,"R_SPARC_16", FALSE,0,0x0000ffff,TRUE),
HOWTO (R_SPARC_32, 0,2,32,FALSE,0,complain_overflow_bitfield,0,"R_SPARC_32", FALSE,0,0xffffffff,TRUE),
diff --git a/bfd/pdp11.c b/bfd/pdp11.c
index 593c5ca..39e0583 100644
--- a/bfd/pdp11.c
+++ b/bfd/pdp11.c
@@ -1172,6 +1172,14 @@ NAME (aout, set_section_contents) (bfd *abfd,
if (bfd_seek (abfd, section->filepos + offset, SEEK_SET) != 0
|| bfd_bwrite (location, count, abfd) != count)
return FALSE;
+
+ /* If necessary, pad the section to its aligned size. */
+ if ((section == obj_datasec (abfd)
+ || section == obj_textsec (abfd))
+ && count < section->size
+ && (bfd_seek (abfd, section->filepos + offset + section->size - 1, SEEK_SET) != 0
+ || bfd_bwrite ("", 1, abfd) != 1))
+ return FALSE;
}
return TRUE;
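Review bot: the padding write seeks to section->filepos + offset + section->size - 1, which is the last byte of the section only when offset is zero. For a write at a non-zero offset the pad byte lands offset bytes past the end of the section and can overwrite whatever follows it in the file. The seek target should be section->filepos + section->size - 1, and the condition should compare offset + count with section->size rather than count alone.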
@@ -1189,6 +1197,14 @@ aout_get_external_symbols (bfd *abfd)
count = exec_hdr (abfd)->a_syms / EXTERNAL_NLIST_SIZE;
+ /* PR 17512: file: 011f5a08. */
+ if (count == 0)
+ {
+ obj_aout_external_syms (abfd) = NULL;
+ obj_aout_external_sym_count (abfd) = count;
+ return TRUE;
+ }
+
#ifdef USE_MMAP
if (! bfd_get_file_window (abfd, obj_sym_filepos (abfd),
exec_hdr (abfd)->a_syms,
@@ -3152,7 +3168,7 @@ aout_link_reloc_link_order (struct aout_final_link_info *flaginfo,
size = bfd_get_reloc_size (howto);
buf = bfd_zmalloc (size);
- if (buf == NULL)
+ if (buf == NULL && size != 0)
return FALSE;
r = MY_relocate_contents (howto, flaginfo->output_bfd,
pr->addend, buf);
diff --git a/bfd/reloc.c b/bfd/reloc.c
index dc47173..ba73ef7 100644
--- a/bfd/reloc.c
+++ b/bfd/reloc.c
@@ -437,6 +437,7 @@ bfd_get_reloc_size (reloc_howto_type *howto)
case 3: return 0;
case 4: return 8;
case 8: return 16;
+ case -1: return 2;
case -2: return 4;
default: abort ();
}
@@ -578,7 +579,7 @@ bfd_perform_relocation (bfd *abfd,
{
bfd_vma relocation;
bfd_reloc_status_type flag = bfd_reloc_ok;
- bfd_size_type octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+ bfd_size_type octets;
bfd_vma output_base = 0;
reloc_howto_type *howto = reloc_entry->howto;
asection *reloc_target_output_section;
@@ -592,6 +593,10 @@ bfd_perform_relocation (bfd *abfd,
return bfd_reloc_ok;
}
+ /* PR 17512: file: 0f67f69d. */
+ if (howto == NULL)
+ return bfd_reloc_undefined;
+
/* If we are not producing relocatable output, return an error if
the symbol is not defined. An undefined weak symbol is
considered to have a value of zero (SVR4 ABI, p. 4-27). */
@@ -613,8 +618,12 @@ bfd_perform_relocation (bfd *abfd,
return cont;
}
- /* Is the address of the relocation really within the section? */
- if (reloc_entry->address > bfd_get_section_limit (abfd, input_section))
+ /* Is the address of the relocation really within the section?
+ Include the size of the reloc in the test for out of range addresses.
+ PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+ if (octets + bfd_get_reloc_size (howto)
+ > bfd_get_section_limit_octets (abfd, input_section))
return bfd_reloc_outofrange;
/* Work out which section the relocation is targeted at and the
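Review bot: "octets + bfd_get_reloc_size (howto)" can wrap. reloc_entry->address is taken from the input, so a value near the top of the bfd_size_type range gives a small sum that passes the comparison. Write the test so that nothing is added to the untrusted value, for example check that the reloc size does not exceed the limit and then that octets does not exceed the limit minus the size. The same expression is used in bfd_install_relocation and _bfd_final_link_relocate.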
@@ -964,7 +973,7 @@ bfd_install_relocation (bfd *abfd,
{
bfd_vma relocation;
bfd_reloc_status_type flag = bfd_reloc_ok;
- bfd_size_type octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+ bfd_size_type octets;
bfd_vma output_base = 0;
reloc_howto_type *howto = reloc_entry->howto;
asection *reloc_target_output_section;
@@ -997,7 +1006,9 @@ bfd_install_relocation (bfd *abfd,
}
/* Is the address of the relocation really within the section? */
- if (reloc_entry->address > bfd_get_section_limit (abfd, input_section))
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+ if (octets + bfd_get_reloc_size (howto)
+ > bfd_get_section_limit_octets (abfd, input_section))
return bfd_reloc_outofrange;
/* Work out which section the relocation is targeted at and the
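Review bot: bfd_install_relocation now passes howto to bfd_get_reloc_size, but unlike bfd_perform_relocation it did not gain the "if (howto == NULL)" test in this patch. If a NULL howto can reach one it can presumably reach the other, so add the same early return here before the range check.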
@@ -1332,9 +1343,11 @@ _bfd_final_link_relocate (reloc_howto_type *howto,
bfd_vma addend)
{
bfd_vma relocation;
+ bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
/* Sanity check the address. */
- if (address > bfd_get_section_limit (input_bfd, input_section))
+ if (octets + bfd_get_reloc_size (howto)
+ > bfd_get_section_limit_octets (input_bfd, input_section))
return bfd_reloc_outofrange;
/* This function assumes that we are dealing with a basic relocation
@@ -1389,8 +1402,9 @@ _bfd_relocate_contents (reloc_howto_type *howto,
switch (size)
{
default:
- case 0:
abort ();
+ case 0:
+ return bfd_reloc_ok;
case 1:
x = bfd_get_8 (input_bfd, location);
break;
@@ -1557,8 +1571,9 @@ _bfd_clear_contents (reloc_howto_type *howto,
switch (size)
{
default:
- case 0:
abort ();
+ case 0:
+ return;
case 1:
x = bfd_get_8 (input_bfd, location);
break;
@@ -7655,11 +7670,23 @@ bfd_generic_get_relocated_section_contents (bfd *abfd,
abfd, input_section, * parent);
goto error_return;
+ case bfd_reloc_notsupported:
+ /* PR ld/17512
+ This error can result when processing a corrupt binary.
+ Do not abort. Issue an error message instead. */
+ link_info->callbacks->einfo
+ (_("%X%P: %B(%A): relocation \"%R\" is not supported\n"),
+ abfd, input_section, * parent);
+ goto error_return;
+
default:
- abort ();
+ /* PR 17512; file: 90c2a92e.
+ Report unexpected results, without aborting. */
+ link_info->callbacks->einfo
+ (_("%X%P: %B(%A): relocation \"%R\" returns an unrecognized value %x\n"),
+ abfd, input_section, * parent, r);
break;
}
-
}
}
}
diff --git a/bfd/syms.c b/bfd/syms.c
index a1d1d77..02e191d 100644
--- a/bfd/syms.c
+++ b/bfd/syms.c
@@ -1191,6 +1191,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
{
nul_fun = stab;
nul_str = str;
+ if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
+ file_name = NULL;
if (stab + STABSIZE + TYPEOFF < info->stabs + stabsize
&& *(stab + STABSIZE + TYPEOFF) == (bfd_byte) N_SO)
{
@@ -1200,6 +1202,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
directory_name = file_name;
file_name = ((char *) str
+ bfd_get_32 (abfd, stab + STRDXOFF));
+ if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
+ file_name = NULL;
}
}
break;
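Review bot: the range test is applied to the pointer after "(char *) str + bfd_get_32 (abfd, stab + STRDXOFF)" has been computed. With a 32-bit offset from the file that addition can leave the string table or wrap on a 32-bit host, and a wrapped pointer may compare as in range. Validate the offset against the remaining table size first and only then form the pointer. The upper bound is taken from info->strs and the lower bound from str; a brief comment on why the two bases differ would help.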
@@ -1207,6 +1211,10 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
case N_SOL:
/* The name of an include file. */
file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
+ /* PR 17512: file: 0c680a1f. */
+ /* PR 17512: file: 5da8aec4. */
+ if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
+ file_name = NULL;
break;
case N_FUN:
@@ -1214,6 +1222,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
function_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
if (function_name == (char *) str)
continue;
+ if (function_name >= (char *) info->strs + strsize)
+ function_name = NULL;
nul_fun = NULL;
info->indextable[i].val = bfd_get_32 (abfd, stab + VALOFF);
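Review bot: the N_FUN check tests only "function_name >= (char *) info->strs + strsize" and omits the lower bound "< (char *) str" that every file_name check in this patch includes. The pointer is built the same way from a file-supplied offset, so it needs the same two-sided test, ideally through one small helper shared by all five sites.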
@@ -1321,6 +1331,8 @@ _bfd_stab_section_find_nearest_line (bfd *abfd,
if (val <= offset)
{
file_name = (char *) str + bfd_get_32 (abfd, stab + STRDXOFF);
+ if (file_name >= (char *) info->strs + strsize || file_name < (char *) str)
+ file_name = NULL;
*pline = 0;
}
break;
diff --git a/bfd/tekhex.c b/bfd/tekhex.c
index 0328689..5620e85 100644
--- a/bfd/tekhex.c
+++ b/bfd/tekhex.c
@@ -267,7 +267,7 @@ typedef struct tekhex_data_struct
#define enda(x) (x->vma + x->size)
static bfd_boolean
-getvalue (char **srcp, bfd_vma *valuep)
+getvalue (char **srcp, bfd_vma *valuep, char * endp)
{
char *src = *srcp;
bfd_vma value = 0;
@@ -279,7 +279,7 @@ getvalue (char **srcp, bfd_vma *valuep)
len = hex_value (*src++);
if (len == 0)
len = 16;
- while (len--)
+ while (len-- && src < endp)
{
if (!ISHEX (*src))
return FALSE;
@@ -288,11 +288,11 @@ getvalue (char **srcp, bfd_vma *valuep)
*srcp = src;
*valuep = value;
- return TRUE;
+ return len == -1U;
}
static bfd_boolean
-getsym (char *dstp, char **srcp, unsigned int *lenp)
+getsym (char *dstp, char **srcp, unsigned int *lenp, char * endp)
{
char *src = *srcp;
unsigned int i;
@@ -304,12 +304,12 @@ getsym (char *dstp, char **srcp, unsigned int *lenp)
len = hex_value (*src++);
if (len == 0)
len = 16;
- for (i = 0; i < len; i++)
+ for (i = 0; i < len && src < endp; i++)
dstp[i] = src[i];
dstp[i] = 0;
*srcp = src + i;
*lenp = len;
- return TRUE;
+ return i == len;
}
static struct data_struct *
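Review bot: the new loop condition in getsym does not bound the read. src is never advanced inside "for (i = 0; i < len && src < endp; i++) dstp[i] = src[i];", so "src < endp" has the same value on every iteration and src[i] can still run past endp. The test needs to be "src + i < endp". As in getvalue, the length character is read with *src++ before any comparison with endp.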
@@ -354,7 +354,7 @@ insert_byte (bfd *abfd, int value, bfd_vma addr)
how big the data is. */
static bfd_boolean
-first_phase (bfd *abfd, int type, char *src)
+first_phase (bfd *abfd, int type, char *src, char * src_end)
{
asection *section, *alt_section;
unsigned int len;
@@ -368,21 +368,21 @@ first_phase (bfd *abfd, int type, char *src)
{
bfd_vma addr;
- if (!getvalue (&src, &addr))
+ if (!getvalue (&src, &addr, src_end))
return FALSE;
- while (*src)
+ while (*src && src < src_end - 1)
{
insert_byte (abfd, HEX (src), addr);
src += 2;
addr++;
}
+ return TRUE;
}
- return TRUE;
case '3':
/* Symbol record, read the segment. */
- if (!getsym (sym, &src, &len))
+ if (!getsym (sym, &src, &len, src_end))
return FALSE;
section = bfd_get_section_by_name (abfd, sym);
if (section == NULL)
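Review bot: in "while (*src && src < src_end - 1)" the dereference comes before the bounds test, so *src is evaluated even when src is already at or beyond src_end. The symbol-record loop later in this function uses the safe order, "while (src < src_end && *src)"; this loop should match it. Since src advances by two per iteration, the "src_end - 1" limit is right for HEX (src), but a short comment saying so would help.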
@@ -397,17 +397,23 @@ first_phase (bfd *abfd, int type, char *src)
return FALSE;
}
alt_section = NULL;
- while (*src)
+ while (src < src_end && *src)
{
switch (*src)
{
case '1': /* Section range. */
src++;
- if (!getvalue (&src, §ion->vma))
+ if (!getvalue (&src, §ion->vma, src_end))
return FALSE;
- if (!getvalue (&src, &val))
+ if (!getvalue (&src, &val, src_end))
return FALSE;
+ if (val < section->vma)
+ val = section->vma;
section->size = val - section->vma;
+ /* PR 17512: file: objdump-s-endless-loop.tekhex.
+ Check for overlarge section sizes. */
+ if (section->size & 0x80000000)
+ return FALSE;
section->flags = SEC_HAS_CONTENTS | SEC_LOAD | SEC_ALLOC;
break;
case '0':
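Review bot: "section->size & 0x80000000" tests a single bit, not a size limit. If the size type is wider than 32 bits, a value with bit 31 clear and higher bits set passes the check. A comparison against an explicit maximum would express the intent. Separately, "if (val < section->vma) val = section->vma;" silently turns an inverted range into a zero-sized section; returning FALSE would be more consistent with the other malformed-input paths in this function.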
@@ -432,7 +438,7 @@ first_phase (bfd *abfd, int type, char *src)
abfd->flags |= HAS_SYMS;
new_symbol->prev = abfd->tdata.tekhex_data->symbols;
abfd->tdata.tekhex_data->symbols = new_symbol;
- if (!getsym (sym, &src, &len))
+ if (!getsym (sym, &src, &len, src_end))
return FALSE;
new_symbol->symbol.name = (const char *)
bfd_alloc (abfd, (bfd_size_type) len + 1);
@@ -480,7 +486,7 @@ first_phase (bfd *abfd, int type, char *src)
new_symbol->symbol.section = alt_section;
}
}
- if (!getvalue (&src, &val))
+ if (!getvalue (&src, &val, src_end))
return FALSE;
new_symbol->symbol.value = val - section->vma;
break;
@@ -498,7 +504,7 @@ first_phase (bfd *abfd, int type, char *src)
record. */
static bfd_boolean
-pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *))
+pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *, char *))
{
unsigned int chars_on_line;
bfd_boolean is_eof = FALSE;
@@ -539,8 +545,7 @@ pass_over (bfd *abfd, bfd_boolean (*func) (bfd *, int, char *))
/* Put a null at the end. */
src[chars_on_line] = 0;
-
- if (!func (abfd, type, src))
+ if (!func (abfd, type, src, src + chars_on_line))
return FALSE;
}
@@ -957,6 +962,7 @@ tekhex_print_symbol (bfd *abfd,
#define tekhex_find_nearest_line _bfd_nosymbols_find_nearest_line
#define tekhex_find_line _bfd_nosymbols_find_line
#define tekhex_find_inliner_info _bfd_nosymbols_find_inliner_info
+#define tekhex_get_symbol_version_string _bfd_nosymbols_get_symbol_version_string
#define tekhex_bfd_make_debug_symbol _bfd_nosymbols_bfd_make_debug_symbol
#define tekhex_read_minisymbols _bfd_generic_read_minisymbols
#define tekhex_minisymbol_to_symbol _bfd_generic_minisymbol_to_symbol
diff --git a/bfd/versados.c b/bfd/versados.c
index 42bf36c..fecfdde 100644
--- a/bfd/versados.c
+++ b/bfd/versados.c
@@ -57,6 +57,7 @@ struct esdid
{
asection *section; /* Ptr to bfd version. */
unsigned char *contents; /* Used to build image. */
+ bfd_size_type content_size; /* The size of the contents buffer. */
int pc;
int relocs; /* Reloc count, valid end of pass 1. */
int donerel; /* Have relocs been translated. */
@@ -85,8 +86,8 @@ typedef struct versados_data_struct
tdata_type;
#define VDATA(abfd) (abfd->tdata.versados_data)
-#define EDATA(abfd, n) (abfd->tdata.versados_data->e[n])
-#define RDATA(abfd, n) (abfd->tdata.versados_data->rest[n])
+#define EDATA(abfd, n) (abfd->tdata.versados_data->e[(n) < 16 ? (n) : 0])
+#define RDATA(abfd, n) (abfd->tdata.versados_data->rest[(n) < 240 ? (n) : 0])
struct ext_otr
{
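Review bot: the EDATA and RDATA guards do not cover negative indices. Callers pass expressions such as "otr->esdid - 1", which is -1 as an int when esdid is 0; "(n) < 16" is then true and e[-1] is accessed. process_otr gets its own esdid == 0 test in this patch, but every other user of the macro stays exposed. Casting to unsigned in the comparison would close that. The limits 16 and 240 should also be derived from the array declarations rather than repeated as literals, and mapping a bad index to element 0 hides corrupt input instead of reporting it. Note too that n is now evaluated twice.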
@@ -181,14 +182,22 @@ versados_new_symbol (bfd *abfd,
return n;
}
-static int
+static bfd_boolean
get_record (bfd *abfd, union ext_any *ptr)
{
if (bfd_bread (&ptr->size, (bfd_size_type) 1, abfd) != 1
|| (bfd_bread ((char *) ptr + 1, (bfd_size_type) ptr->size, abfd)
!= ptr->size))
- return 0;
- return 1;
+ return FALSE;
+
+ {
+ bfd_size_type amt = ptr->size + 1;
+
+ if (amt < sizeof (* ptr))
+ memset ((char *) ptr + amt, 0, sizeof (* ptr) - amt);
+ }
+
+ return TRUE;
}
static int
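Review bot: get_record handles only the short-record case. The second bfd_bread writes ptr->size bytes, a value taken from the file, into *ptr before anything compares it with sizeof (*ptr); the new code then zeroes the tail when amt is smaller. If union ext_any can be smaller than 256 bytes, the read itself overflows the caller's buffer. Please either state that the union is large enough for any one-byte size or reject oversized records before reading. A one-line comment on why the tail is cleared would also be welcome.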
@@ -364,11 +373,19 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
| (otr->map[2] << 8)
| (otr->map[3] << 0);
- struct esdid *esdid = &EDATA (abfd, otr->esdid - 1);
- unsigned char *contents = esdid->contents;
- int need_contents = 0;
- unsigned int dst_idx = esdid->pc;
-
+ struct esdid *esdid;
+ unsigned char *contents;
+ bfd_boolean need_contents = FALSE;
+ unsigned int dst_idx;
+
+ /* PR 17512: file: ac7da425. */
+ if (otr->esdid == 0)
+ return;
+
+ esdid = &EDATA (abfd, otr->esdid - 1);
+ contents = esdid->contents;
+ dst_idx = esdid->pc;
+
for (shift = ((unsigned long) 1 << 31); shift && srcp < endp; shift >>= 1)
{
if (bits & shift)
@@ -390,8 +407,8 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
int val = get_offset (offsetlen, srcp + esdids);
if (pass == 1)
- need_contents = 1;
- else
+ need_contents = TRUE;
+ else if (contents && dst_idx < esdid->content_size - sizeinwords * 2)
for (j = 0; j < sizeinwords * 2; j++)
{
contents[dst_idx + (sizeinwords * 2) - j - 1] = val;
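Review bot: "dst_idx < esdid->content_size - sizeinwords * 2" can underflow. content_size is a bfd_size_type, so when it is smaller than sizeinwords * 2 the subtraction wraps to a very large value and the test passes, which is the case the check is meant to stop. Writing it as "dst_idx + sizeinwords * 2 <= esdid->content_size" avoids the wrap and also permits a write that exactly fills the buffer, which the strict "<" currently rejects.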
@@ -413,10 +430,13 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
}
else
{
- arelent *n =
- EDATA (abfd, otr->esdid - 1).section->relocation + rn;
- n->address = dst_idx;
+ arelent *n;
+ /* PR 17512: file: 54f733e0. */
+ if (EDATA (abfd, otr->esdid - 1).section == NULL)
+ continue;
+ n = EDATA (abfd, otr->esdid - 1).section->relocation + rn;
+ n->address = dst_idx;
n->sym_ptr_ptr = (asymbol **) (size_t) id;
n->addend = 0;
n->howto = versados_howto_table + ((j & 1) * 2) + (sizeinwords - 1);
@@ -429,31 +449,42 @@ process_otr (bfd *abfd, struct ext_otr *otr, int pass)
}
else
{
- need_contents = 1;
- if (dst_idx < esdid->section->size)
+ need_contents = TRUE;
+
+ if (esdid->section && contents && dst_idx < esdid->content_size - 1)
if (pass == 2)
{
/* Absolute code, comes in 16 bit lumps. */
contents[dst_idx] = srcp[0];
contents[dst_idx + 1] = srcp[1];
}
+
dst_idx += 2;
srcp += 2;
}
}
+
EDATA (abfd, otr->esdid - 1).pc = dst_idx;
if (!contents && need_contents)
{
- bfd_size_type size = esdid->section->size;
- esdid->contents = bfd_alloc (abfd, size);
+ if (esdid->section)
+ {
+ bfd_size_type size;
+
+ size = esdid->section->size;
+ esdid->contents = bfd_alloc (abfd, size);
+ esdid->content_size = size;
+ }
+ else
+ esdid->contents = NULL;
}
}
static bfd_boolean
versados_scan (bfd *abfd)
{
- int loop = 1;
+ bfd_boolean loop = TRUE;
int i;
int j;
int nsecs = 0;
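Review bot: "dst_idx < esdid->content_size - 1" has the same unsigned underflow as the earlier test: with content_size equal to 0 the right-hand side wraps and the two-byte store goes ahead. "dst_idx + 1 < esdid->content_size" is safe. In the allocation branch, content_size is set to size without checking the result of bfd_alloc; the uses do test contents for NULL, but keeping content_size at 0 when the allocation fails would keep the pair consistent.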
@@ -471,13 +502,13 @@ versados_scan (bfd *abfd)
union ext_any any;
if (!get_record (abfd, &any))
- return TRUE;
+ return FALSE;
switch (any.header.type)
{
case VHEADER:
break;
case VEND:
- loop = 0;
+ loop = FALSE;
break;
case VESTDEF:
process_esd (abfd, &any.esd, 1);
@@ -504,7 +535,6 @@ versados_scan (bfd *abfd)
{
amt = (bfd_size_type) esdid->relocs * sizeof (arelent);
esdid->section->relocation = bfd_alloc (abfd, amt);
-
esdid->pc = 0;
if (esdid->contents)
@@ -563,7 +593,7 @@ versados_scan (bfd *abfd)
VDATA (abfd)->ref_idx = 0;
- return 1;
+ return TRUE;
}
/* Check whether an existing file is a versados file. */
@@ -585,6 +615,13 @@ versados_object_p (bfd *abfd)
return NULL;
}
+ /* PR 17512: file: 726-2128-0.004. */
+ if (len < 13)
+ {
+ bfd_set_error (bfd_error_wrong_format);
+ return NULL;
+ }
+
if (bfd_bread (&ext.type, (bfd_size_type) len, abfd) != len)
{
if (bfd_get_error () != bfd_error_system_call)
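Review bot: the literal 13 in "if (len < 13)" is unexplained. The comment names only the fuzz file; please say which fields of the header the 13 bytes cover, or compute the value from the structure so it follows any layout change. The hunk also shows no upper limit on len before "bfd_bread (&ext.type, (bfd_size_type) len, abfd)"; if none exists above, that read needs a check against the size of ext as well.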
@@ -652,12 +689,20 @@ versados_get_section_contents (bfd *abfd,
file_ptr offset,
bfd_size_type count)
{
+ struct esdid *esdid;
+
if (!versados_pass_2 (abfd))
return FALSE;
- memcpy (location,
- EDATA (abfd, section->target_index).contents + offset,
- (size_t) count);
+ esdid = &EDATA (abfd, section->target_index);
+
+ if (esdid->contents == NULL
+ || offset < 0
+ || (bfd_size_type) offset > esdid->content_size
+ || offset + count > esdid->content_size)
+ return FALSE;
+
+ memcpy (location, esdid->contents + offset, (size_t) count);
return TRUE;
}
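Review bot: "offset + count > esdid->content_size" can wrap. count is a bfd_size_type supplied by the caller, so a very large count added to a valid offset overflows to a small value and passes the test, after which memcpy copies count bytes. Once offset has been checked, compare "count > esdid->content_size - (bfd_size_type) offset" instead. Also note that section->target_index goes through EDATA, which now redirects an out-of-range index to entry 0 rather than failing.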
@@ -758,6 +803,7 @@ versados_canonicalize_reloc (bfd *abfd,
versados_pass_2 (abfd);
src = section->relocation;
+
if (!EDATA (abfd, section->target_index).donerel)
{
EDATA (abfd, section->target_index).donerel = 1;
@@ -773,8 +819,15 @@ versados_canonicalize_reloc (bfd *abfd,
/* Section relative thing. */
struct esdid *e = &EDATA (abfd, esdid - 1);
- src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr;
+ /* PR 17512: file:cd92277c. */
+ if (e->section)
+ src[count].sym_ptr_ptr = e->section->symbol_ptr_ptr;
+ else
+ src[count].sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr;
}
+ /* PR 17512: file:3757-2936-0.004. */
+ else if ((unsigned) (esdid - ES_BASE) >= bfd_get_symcount (abfd))
+ src[count].sym_ptr_ptr = bfd_und_section_ptr->symbol_ptr_ptr;
else
src[count].sym_ptr_ptr = symbols + esdid - ES_BASE;
}
@@ -796,6 +849,7 @@ versados_canonicalize_reloc (bfd *abfd,
#define versados_find_nearest_line _bfd_nosymbols_find_nearest_line
#define versados_find_line _bfd_nosymbols_find_line
#define versados_find_inliner_info _bfd_nosymbols_find_inliner_info
+#define versados_get_symbol_version_string _bfd_nosymbols_get_symbol_version_string
#define versados_make_empty_symbol _bfd_generic_make_empty_symbol
#define versados_bfd_make_debug_symbol _bfd_nosymbols_bfd_make_debug_symbol
#define versados_read_minisymbols _bfd_generic_read_minisymbols
diff --git a/bfd/vms-alpha.c b/bfd/vms-alpha.c
index 5ff5bfd..006928f 100644
--- a/bfd/vms-alpha.c
+++ b/bfd/vms-alpha.c
@@ -364,18 +364,18 @@ struct vms_section_data_struct
((struct vms_section_data_struct *)sec->used_by_bfd)
/* To be called from the debugger. */
-struct vms_private_data_struct *bfd_vms_get_data (bfd *abfd);
+struct vms_private_data_struct *bfd_vms_get_data (bfd *);
-static int vms_get_remaining_object_record (bfd *abfd, int read_so_far);
-static bfd_boolean _bfd_vms_slurp_object_records (bfd * abfd);
+static int vms_get_remaining_object_record (bfd *, unsigned int);
+static bfd_boolean _bfd_vms_slurp_object_records (bfd *);
static void alpha_vms_add_fixup_lp (struct bfd_link_info *, bfd *, bfd *);
static void alpha_vms_add_fixup_ca (struct bfd_link_info *, bfd *, bfd *);
static void alpha_vms_add_fixup_qr (struct bfd_link_info *, bfd *, bfd *,
bfd_vma);
static void alpha_vms_add_fixup_lr (struct bfd_link_info *, unsigned int,
bfd_vma);
-static void alpha_vms_add_lw_reloc (struct bfd_link_info *info);
-static void alpha_vms_add_qw_reloc (struct bfd_link_info *info);
+static void alpha_vms_add_lw_reloc (struct bfd_link_info *);
+static void alpha_vms_add_qw_reloc (struct bfd_link_info *);
struct vector_type
{
@@ -521,6 +521,9 @@ _bfd_vms_slurp_eisd (bfd *abfd, unsigned int offset)
asection *section;
flagword bfd_flags;
+ /* PR 17512: file: 3d9e9fe9. */
+ if (offset >= PRIV (recrd.rec_size))
+ return FALSE;
eisd = (struct vms_eisd *)(PRIV (recrd.rec) + offset);
rec_size = bfd_getl32 (eisd->eisdsize);
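Review bot: "offset >= PRIV (recrd.rec_size)" only proves that the first byte of the descriptor lies inside the record. The next line reads eisd->eisdsize with bfd_getl32, and the rest of the function presumably reads further fields, so an offset a byte or two before the end of the record still leads to an out-of-bounds read. The test should require that at least the fixed part of struct vms_eisd fits between offset and rec_size.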
@@ -788,7 +791,7 @@ _bfd_vms_get_object_record (bfd *abfd)
Return the size of the record or 0 on failure. */
static int
-vms_get_remaining_object_record (bfd *abfd, int read_so_far)
+vms_get_remaining_object_record (bfd *abfd, unsigned int read_so_far)
{
unsigned int to_read;
@@ -824,6 +827,9 @@ vms_get_remaining_object_record (bfd *abfd, int read_so_far)
return 0;
PRIV (recrd.buf_size) = to_read;
}
+ /* PR 17512: file: 025-1974-0.004. */
+ else if (to_read <= read_so_far)
+ return 0;
/* Read the remaining record. */
to_read -= read_so_far;
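Review bot: the new "to_read <= read_so_far" test is attached as an else to the buffer-growth branch, so it is skipped whenever the buffer has just been enlarged, and "to_read -= read_so_far" then runs unguarded on that path. If read_so_far can never exceed the old buf_size, a comment saying so would justify the placement; otherwise make the test unconditional. The function still returns int although it now works on unsigned values.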
@@ -854,9 +860,12 @@ _bfd_vms_slurp_ehdr (bfd *abfd)
{
unsigned char *ptr;
unsigned char *vms_rec;
+ unsigned char *end;
int subtype;
vms_rec = PRIV (recrd.rec);
+ /* PR 17512: file: 62736583. */
+ end = PRIV (recrd.buf) + PRIV (recrd.buf_size);
vms_debug2 ((2, "HDR/EMH\n"));
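Review bot: end is computed from recrd.buf and recrd.buf_size, which describe the allocation, while vms_rec points at recrd.rec. The checks that follow therefore allow reads up to the end of the allocated buffer, not the end of the current record, so bytes left over from an earlier, longer record can be parsed as header fields. Using PRIV (recrd.rec) + PRIV (recrd.rec_size) would bound the parse to data that was actually read for this record.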
@@ -868,28 +877,42 @@ _bfd_vms_slurp_ehdr (bfd *abfd)
{
case EMH__C_MHD:
/* Module header. */
+ if (vms_rec + 21 >= end)
+ goto fail;
PRIV (hdr_data).hdr_b_strlvl = vms_rec[6];
PRIV (hdr_data).hdr_l_arch1 = bfd_getl32 (vms_rec + 8);
PRIV (hdr_data).hdr_l_arch2 = bfd_getl32 (vms_rec + 12);
PRIV (hdr_data).hdr_l_recsiz = bfd_getl32 (vms_rec + 16);
+ if ((vms_rec + 20 + vms_rec[20] + 1) >= end)
+ goto fail;
PRIV (hdr_data).hdr_t_name = _bfd_vms_save_counted_string (vms_rec + 20);
ptr = vms_rec + 20 + vms_rec[20] + 1;
+ if ((ptr + *ptr + 1) >= end)
+ goto fail;
PRIV (hdr_data).hdr_t_version =_bfd_vms_save_counted_string (ptr);
ptr += *ptr + 1;
+ if (ptr + 17 >= end)
+ goto fail;
PRIV (hdr_data).hdr_t_date = _bfd_vms_save_sized_string (ptr, 17);
break;
case EMH__C_LNM:
+ if (vms_rec + PRIV (recrd.rec_size - 6) > end)
+ goto fail;
PRIV (hdr_data).hdr_c_lnm =
_bfd_vms_save_sized_string (vms_rec, PRIV (recrd.rec_size - 6));
break;
case EMH__C_SRC:
+ if (vms_rec + PRIV (recrd.rec_size - 6) > end)
+ goto fail;
PRIV (hdr_data).hdr_c_src =
_bfd_vms_save_sized_string (vms_rec, PRIV (recrd.rec_size - 6));
break;
case EMH__C_TTL:
+ if (vms_rec + PRIV (recrd.rec_size - 6) > end)
+ goto fail;
PRIV (hdr_data).hdr_c_ttl =
_bfd_vms_save_sized_string (vms_rec, PRIV (recrd.rec_size - 6));
break;
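Review bot: the LNM, SRC and TTL checks compute "rec_size - 6" without first ensuring rec_size is at least 6. For a shorter record the subtraction wraps (if rec_size is unsigned) or goes negative, and "vms_rec + ... > end" then compares a wrapped pointer, so the guard can pass and _bfd_vms_save_sized_string is called with a huge length. Test "PRIV (recrd.rec_size) < 6" first. The comparisons are also inconsistent: the MHD checks use ">=" and so reject a field that ends exactly at end, while these three use ">". Finally, "PRIV (recrd.rec_size - 6)" places the arithmetic inside the macro argument; "PRIV (recrd.rec_size) - 6" reads as what is meant.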
@@ -900,6 +923,7 @@ _bfd_vms_slurp_ehdr (bfd *abfd)
break;
default:
+ fail:
bfd_set_error (bfd_error_wrong_format);
return FALSE;
}
@@ -2524,6 +2548,9 @@ alpha_vms_object_p (bfd *abfd)
/* Reset the record pointer. */
PRIV (recrd.rec) = buf;
+ /* PR 17512: file: 7d7c57c2. */
+ if (PRIV (recrd.rec_size) < sizeof (struct vms_eihd))
+ goto error_ret;
vms_debug2 ((2, "file type is image\n"));
if (_bfd_vms_slurp_eihd (abfd, &eisd_offset, &eihs_offset) != TRUE)
@@ -9188,6 +9215,9 @@ bfd_vms_get_data (bfd *abfd)
((bfd_boolean (*) (bfd *, asymbol *)) bfd_false)
#define alpha_vms_print_symbol vms_print_symbol
#define alpha_vms_get_symbol_info vms_get_symbol_info
+#define alpha_vms_get_symbol_version_string \
+ _bfd_nosymbols_get_symbol_version_string
+
#define alpha_vms_read_minisymbols _bfd_generic_read_minisymbols
#define alpha_vms_minisymbol_to_symbol _bfd_generic_minisymbol_to_symbol
#define alpha_vms_get_lineno _bfd_nosymbols_get_lineno